— Edition 1.247 52 verified trackers
ES EN
Politics · Technology · Digital regulation  ·  where data speaks before headlines
Snapshot data
AML/OFAC enforcement against banks and fintech — 418 penalties documented 418 AML/OFAC penalties documented across 177 countries and 379 regula… Corporate bankruptcy and insolvency (Chapter 11) — 4 major corporate bankrup… Corporate bankruptcies hit decade highs: over 717 in the year per S&P… High-impact litigation risk index — 4 high-impact litigations… The risk index (0-100) aggregates five objective factors —procedural … Merger control: multi-jurisdiction competition … — 9 decisions and jurisdict… Merger control diverges by jurisdiction in 2026: the Trump administra… PEPs and sanctions networks · Ibero-American graph — 40 PEP/company nodes with … Ibero-American PEP→company→sanction graph (core: Mapa del Poder, 424 … Sovereign debt distress and restructurings — 5 distress/restructuring … The IMF's 6th Global Sovereign Debt Roundtable report (April 15, 2026… Forced labor in supply chains: entity lists — 4 forced-labor exposure i… Upstream exposure intelligence densifies: the UFLPA Entity List reach… EU AI Act — designation of national authorities — 3/10/14 / 27 Member States Tracker's first event: 3 states with both authorities / 10 partial / … AI Act · Notified bodies for conformity assessment — 1 body with AI-specific a… Ecosystem 'not ready' as of Mar-2026 (standards unpublished, insuffic… Scandal → conviction gap — — milestones logged +1 mirror case: Uribe — 7 years to convict, 8 weeks to reverse, open-… Technology ↔ regulation gap — 26 regulatory milestones +1: Peru closes the generative-AI gap in ~3 years (DS 115-2025-PCM), … CNMC Spain · the Digital Services Coordinator g… — 6 documented milestones The gap becomes chronic: Congress struck down the CNMC's legal empowe… Corporate data breaches: from incident to response — 11 breaches documented +1: Canvas/Instructure, the largest known education breach (≈275M rec… Migration friction in corporate and event mobility — 3 incidents and policies … The 2026 World Cup works as a live stress test: 39 countries under fu… Power and corruption in the courts in Ibero-Ame… — 29 documented cases Jun-2026 review: Uribe updated — first-instance conviction overturned… Crypto · Licenses and authorizations by jurisdi… — 40+ CASPs with full MiCA au… July 1, 2026 cliff: the transitional regime expires (ESMA, Apr 17) wi… Data breaches · Class-action settlements — 5 settlements and mass ca… 271 million dollars across four settlements approved or with deadline… Digital regulatory risk index by country — 16 countries profiled Jun-2026 review: Brazil updated on two layers (EU adequacy Jan 26, 20… Digital services taxes (DST) by country — 3 tax-map milestones docu… About half of European OECD countries have a DST announced, proposed … Global election risk 2026: democracy and digita… — 32 elections profiled 32 electoral processes of 2026 profiled by political regime and digit… ESG · Greenwashing enforcement — 3 enforcement milestones … The legal floor arrives Sep 27, 2026 (ECGT across the 27; transpositi… EU · Digital & sustainability regulatory deadli… — 6 calendar milestones doc… Next critical deadlines: Jun 23, 2026 closes the high-risk classifica… Export controls · Entity List and advanced chips — 6 regime milestones docum… The 2026 shift: licensing for H200/MI325X and equivalents to China mo… GDPR · International transfers and adequacy dec… — 6 framework milestones do… The EU-US DPF remains in force after surviving its first judicial cha… LATAM · AI bills in legislative process — 150+ bills identified 150+ count re-verified; milestones: Peru only country with a regulate… LATAM · Judicial and regulatory sanctions on pl… — $5,2M USD · fine on X Corp. i… Paradigm shift: the STF declared Art. 19 of the Marco Civil partially… Digital political ad spending 2026 — 6 country-platform observ… AdImpact's revised projection (Jun 11): $11.6bn for the 2026 cycle — … Shadow fleet · Sanctioned vessels and enablers — 632 vessels designated by t… +46 vessels in the 20th package (Reg. 2026/506/509/511) to 632; Art. … Whistleblower awards · SEC, CFTC and equivalent… — 3 program milestones docu… The SEC awarded over $60M to 48 whistleblowers in fiscal year 2025 (2… AI Act · Sanctions regime and its actual enforc… — 0 documented AI Act fines… 0 AI Act penalties issued to date: enforcement of high-risk obligatio… Beneficial ownership transparency (UBO / CTA / … — 4 transparency milestones 4 beneficial-ownership transparency milestones documented; the EU req… Crypto industry: collapses, sanctions and convi… — 13 documented cases 13 cases of collapses, sanctions and convictions in the crypto sector… AI harms in court — litigation, rulings and set… — 103 documented cases 103 AI-related harm and rights lawsuits documented; 2026 milestones: … DMA · designated gatekeepers and real compliance — 9 documented DMA acts 9 DMA compliance actions documented against gatekeepers; 2026 develop… Documented electoral disinformation 2026 — 7 documented campaigns 7 electoral disinformation campaigns or patterns documented with open… GDPR · which national authority really sanctions — 11 authorities profiled 11 GDPR enforcement country profiles and milestones documented; 2026 … LATAM · Internet shutdowns and platform blocks — 8 documented events · 202… 8 internet shutdown and blocking episodes documented in Latin America… Operational resilience & cyber (DORA / NIS2 / SEC) — 4 regulatory milestones 4 operational-resilience milestones documented; 2026 is the first rea… Digital fines actually imposed — 61 sanctions recorded 61 high-value penalties across 18 jurisdictions and 6 continents; cov… Commercial spyware: documented cases worldwide — 23 documented cases 23 spyware and surveillance cases documented across the Ibero-America… Trade compliance & forced labor (UFLPA) — 4 actions documented 4 trade-compliance actions on forced labor documented; under UFLPA ar… US · the state AI regulation patchwork — 10 laws and milestones 10 state AI laws or milestones documented in the U.S.; 2026 developme… Electoral digital integrity 2026 — 13 elections profiled 13 elections profiled by digital integrity; 5 with transparent politi… Climate: the gap between pledge and action — 12 countries assessed 12 countries assessed by the Climate Action Tracker: 10 with insuffic… Content moderation: appeals and reversals — 19 documented decisions 19 appealed and reviewed moderation decisions, with their policy, ori… Public AI spending — global government contracts — 50 documented contracts 50 public AI contracts across 15 jurisdictions on 5 continents (45 wi… Campaign promises → fulfillment — 29 term evaluations 29 terms evaluated across 25 countries on five continents EU · Consolidated DSA enforcement decisions — €120M first DSA fine · X · 5 … 5 Member States referred to CJEU for insufficient DSC implementation LATAM · Digital spending in 2026 electoral camp… — $14.794M COP · highest declared … Only 8 of 13 campaigns had reported in Cuentas Claras by mid-May Ibero-America · documented public contracts wit… — 3 contracts verified with… DC registry kickoff · ongoing monthly manual sweep RSF · Press freedom in Latin America — 144 Peru's rank (the region… AR -11 · PE -14 · SV -8 · EC -31 · USA -7 AML/OFAC enforcement against banks and fintech — 418 penalties documented 418 AML/OFAC penalties documented across 177 countries and 379 regula… Corporate bankruptcy and insolvency (Chapter 11) — 4 major corporate bankrup… Corporate bankruptcies hit decade highs: over 717 in the year per S&P… High-impact litigation risk index — 4 high-impact litigations… The risk index (0-100) aggregates five objective factors —procedural … Merger control: multi-jurisdiction competition … — 9 decisions and jurisdict… Merger control diverges by jurisdiction in 2026: the Trump administra… PEPs and sanctions networks · Ibero-American graph — 40 PEP/company nodes with … Ibero-American PEP→company→sanction graph (core: Mapa del Poder, 424 … Sovereign debt distress and restructurings — 5 distress/restructuring … The IMF's 6th Global Sovereign Debt Roundtable report (April 15, 2026… Forced labor in supply chains: entity lists — 4 forced-labor exposure i… Upstream exposure intelligence densifies: the UFLPA Entity List reach… EU AI Act — designation of national authorities — 3/10/14 / 27 Member States Tracker's first event: 3 states with both authorities / 10 partial / … AI Act · Notified bodies for conformity assessment — 1 body with AI-specific a… Ecosystem 'not ready' as of Mar-2026 (standards unpublished, insuffic… Scandal → conviction gap — — milestones logged +1 mirror case: Uribe — 7 years to convict, 8 weeks to reverse, open-… Technology ↔ regulation gap — 26 regulatory milestones +1: Peru closes the generative-AI gap in ~3 years (DS 115-2025-PCM), … CNMC Spain · the Digital Services Coordinator g… — 6 documented milestones The gap becomes chronic: Congress struck down the CNMC's legal empowe… Corporate data breaches: from incident to response — 11 breaches documented +1: Canvas/Instructure, the largest known education breach (≈275M rec… Migration friction in corporate and event mobility — 3 incidents and policies … The 2026 World Cup works as a live stress test: 39 countries under fu… Power and corruption in the courts in Ibero-Ame… — 29 documented cases Jun-2026 review: Uribe updated — first-instance conviction overturned… Crypto · Licenses and authorizations by jurisdi… — 40+ CASPs with full MiCA au… July 1, 2026 cliff: the transitional regime expires (ESMA, Apr 17) wi… Data breaches · Class-action settlements — 5 settlements and mass ca… 271 million dollars across four settlements approved or with deadline… Digital regulatory risk index by country — 16 countries profiled Jun-2026 review: Brazil updated on two layers (EU adequacy Jan 26, 20… Digital services taxes (DST) by country — 3 tax-map milestones docu… About half of European OECD countries have a DST announced, proposed … Global election risk 2026: democracy and digita… — 32 elections profiled 32 electoral processes of 2026 profiled by political regime and digit… ESG · Greenwashing enforcement — 3 enforcement milestones … The legal floor arrives Sep 27, 2026 (ECGT across the 27; transpositi… EU · Digital & sustainability regulatory deadli… — 6 calendar milestones doc… Next critical deadlines: Jun 23, 2026 closes the high-risk classifica… Export controls · Entity List and advanced chips — 6 regime milestones docum… The 2026 shift: licensing for H200/MI325X and equivalents to China mo… GDPR · International transfers and adequacy dec… — 6 framework milestones do… The EU-US DPF remains in force after surviving its first judicial cha… LATAM · AI bills in legislative process — 150+ bills identified 150+ count re-verified; milestones: Peru only country with a regulate… LATAM · Judicial and regulatory sanctions on pl… — $5,2M USD · fine on X Corp. i… Paradigm shift: the STF declared Art. 19 of the Marco Civil partially… Digital political ad spending 2026 — 6 country-platform observ… AdImpact's revised projection (Jun 11): $11.6bn for the 2026 cycle — … Shadow fleet · Sanctioned vessels and enablers — 632 vessels designated by t… +46 vessels in the 20th package (Reg. 2026/506/509/511) to 632; Art. … Whistleblower awards · SEC, CFTC and equivalent… — 3 program milestones docu… The SEC awarded over $60M to 48 whistleblowers in fiscal year 2025 (2… AI Act · Sanctions regime and its actual enforc… — 0 documented AI Act fines… 0 AI Act penalties issued to date: enforcement of high-risk obligatio… Beneficial ownership transparency (UBO / CTA / … — 4 transparency milestones 4 beneficial-ownership transparency milestones documented; the EU req… Crypto industry: collapses, sanctions and convi… — 13 documented cases 13 cases of collapses, sanctions and convictions in the crypto sector… AI harms in court — litigation, rulings and set… — 103 documented cases 103 AI-related harm and rights lawsuits documented; 2026 milestones: … DMA · designated gatekeepers and real compliance — 9 documented DMA acts 9 DMA compliance actions documented against gatekeepers; 2026 develop… Documented electoral disinformation 2026 — 7 documented campaigns 7 electoral disinformation campaigns or patterns documented with open… GDPR · which national authority really sanctions — 11 authorities profiled 11 GDPR enforcement country profiles and milestones documented; 2026 … LATAM · Internet shutdowns and platform blocks — 8 documented events · 202… 8 internet shutdown and blocking episodes documented in Latin America… Operational resilience & cyber (DORA / NIS2 / SEC) — 4 regulatory milestones 4 operational-resilience milestones documented; 2026 is the first rea… Digital fines actually imposed — 61 sanctions recorded 61 high-value penalties across 18 jurisdictions and 6 continents; cov… Commercial spyware: documented cases worldwide — 23 documented cases 23 spyware and surveillance cases documented across the Ibero-America… Trade compliance & forced labor (UFLPA) — 4 actions documented 4 trade-compliance actions on forced labor documented; under UFLPA ar… US · the state AI regulation patchwork — 10 laws and milestones 10 state AI laws or milestones documented in the U.S.; 2026 developme… Electoral digital integrity 2026 — 13 elections profiled 13 elections profiled by digital integrity; 5 with transparent politi… Climate: the gap between pledge and action — 12 countries assessed 12 countries assessed by the Climate Action Tracker: 10 with insuffic… Content moderation: appeals and reversals — 19 documented decisions 19 appealed and reviewed moderation decisions, with their policy, ori… Public AI spending — global government contracts — 50 documented contracts 50 public AI contracts across 15 jurisdictions on 5 continents (45 wi… Campaign promises → fulfillment — 29 term evaluations 29 terms evaluated across 25 countries on five continents EU · Consolidated DSA enforcement decisions — €120M first DSA fine · X · 5 … 5 Member States referred to CJEU for insufficient DSC implementation LATAM · Digital spending in 2026 electoral camp… — $14.794M COP · highest declared … Only 8 of 13 campaigns had reported in Cuentas Claras by mid-May Ibero-America · documented public contracts wit… — 3 contracts verified with… DC registry kickoff · ongoing monthly manual sweep RSF · Press freedom in Latin America — 144 Peru's rank (the region… AR -11 · PE -14 · SV -8 · EC -31 · USA -7
/ trackers / eu-compliance-deadlines
Compliance · Regulatory calendar

EU · Digital & sustainability regulatory deadline calendar

The living calendar of when EU regulatory obligations apply and of every movement of those dates: AI Act, Digital Omnibus on AI, Omnibus I (CSRD/CSDDD), Cyber Resilience Act, NIS2, DORA and Data Act. Each entry documents the deadline, the legal instrument setting or moving it, the conditional mechanism if any, and adoption status. Deliberate boundary: penalties and compliance decisions live in their enforcement trackers (ai-act-sanctions-regime, eu-dsa-enforcement-consolidated, dma-gatekeepers-compliance, gdpr-enforcement-by-country) and institutional designations in ai-act-eu-authorities and ai-act-notified-bodies; this tracker answers a single question, the one compliance officers search most: from when does what apply to me, and who moved the date?

Snapshot · June 12, 2026
6
calendar milestones documented
↑ Next critical deadlines: Jun 23, 2026 closes the high-risk classification methodology consultation; Aug 2, 2026 REMAINS ACTIVE (GPAI transparency and the sanctions regime; and high-risk, unless the AI Omnibus agreed May 7 is published in the Official Journal first); Sep 11, 2026 starts mandatory Cyber Resilience Act reporting; post-Omnibus: Annex III → Dec 2, 2027, Annex I → Aug 2, 2028, Art. 50(2) labeling → Dec 2, 2026

Evolution

Documented events (6)

September 11, 2026 EU confirmed

September 11, 2026: mandatory Cyber Resilience Act reporting starts for products with digital elements

From September 11, 2026, the Cyber Resilience Act (Regulation (EU) 2024/2847) begins applying in its first operative phase: mandatory reporting of actively exploited vulnerabilities and serious cybersecurity incidents for products with digital elements. It is the CRA's first hard deadline and affects any manufacturer placing connected hardware or software on the EU market, with the regulation's remaining obligations rolling out in later phases. In parallel, member states advance NIS2 transposition with their own national deadlines — Germany, for instance, set registration obligations for early 2026 under its implementation act, with supervisory activity growing through the year.

August 2, 2026 EU confirmed

August 2, 2026: the AI Act's anchor deadline — transparency, the sanctions regime and conditionally suspended high risk

August 2, 2026 is the AI Act calendar's anchor date: transparency obligations for new generative AI (content labeling) and the sanctions regime with fines of up to 35 million euros or 7% of global turnover apply. For high risk, the date operates conditionally: if the AI Omnibus agreed May 7 is published in the Official Journal first, Annex III moves to December 2, 2027 and Annex I to August 2, 2028; if not, the original obligations apply as written. The public consultation on the high-risk classification methodology —which governs which system falls in which box— closes June 23, 2026, so companies must plan against two parallel calendars while the classification piece remains open.

May 7, 2026 EU confirmed

AI Omnibus political agreement: Annex III to Dec-2027, Annex I to Aug-2028, and a new ban on 'nudifiers' and CSAM

On May 7, 2026, Parliament and Council reached the provisional political agreement on the Digital Omnibus on AI (on the basis of Council document 9247/26): Annex III high-risk obligations (stand-alone systems: biometrics, HR, credit scoring, law enforcement) are deferred to December 2, 2027 (+16 months) and Annex I obligations (AI embedded in regulated products, such as medical devices) to August 2, 2028; Art. 50(2) labeling of AI-generated content moves to December 2, 2026 and national sandboxes to August 2, 2027. The agreement also introduces into Article 5 a new prohibition on AI-generated non-consensual intimate imagery ('nudifiers') and child sexual abuse material. The operative key underscored by law firms: the changes only take legal effect upon formal adoption and publication in the Official Journal, expected before August 2, 2026 — a date that meanwhile REMAINS an active compliance deadline. The transparency regime for new generative AI starts in August 2026 and, per sector tracking, 78% of mid-market companies remained unprepared, with penalties of up to 35 million euros or 7% of global turnover.

April 28, 2026 EU confirmed

Second AI Omnibus trilogue ends without agreement: August 2, 2026 remains the operative date

The second political trilogue between Parliament, Council and Commission on the Digital Omnibus on AI ended April 28, 2026 without agreement, after Parliament's March 26 approval (569 votes to 45). The operative consequence, underscored by law firms: if the Omnibus is not formally adopted before August 2, 2026, the AI Act's original provisions —including high-risk obligations and their timeline— apply from that date as written; organisations deploying AI in contexts such as employment had to keep preparing against the operative deadline. The structural lesson for compliance officers: an announced deferral is not an adopted deferral.

March 18, 2026 EU confirmed

Omnibus I in force: Directive 2026/470 rewrites the CSRD and CSDDD timelines overnight

The Omnibus I simplification package entered into force on March 18, 2026 via Directive (EU) 2026/470, amending the CSRD (sustainability reporting) and the CSDDD/CS3D (due diligence): listed SMEs fall out of the CSRD's mandatory scope and the CS3D's phased rollout is abolished. The change invalidated the compliance calendars companies had built earlier in the year: per sector tracking, Brussels moved more compliance deadlines in Q1 2026 than in the previous two years combined.

November 19, 2025 EU confirmed

Digital Omnibus on AI proposed: the Commission moves to defer high risk with a conditional mechanism

The European Commission published the Digital Omnibus on AI (COM(2025) 836) on November 19, 2025, proposing to defer the AI Act's high-risk obligations from August 2, 2026 with a conditional mechanism: they would apply 6 months (Annex III) or 12 months (Annex I) after the Commission confirms sufficient compliance-support measures exist (harmonised standards and common specifications), with long-stop dates of December 2, 2027 (Annex III) and August 2, 2028 (Annex I). The draft also proposed a grace period until February 2, 2027 for AI-generated-content labeling (Art. 50(2)) for systems placed on the market before August 2026, and attenuated AI-literacy obligations. Declared reason: delays in designating national authorities and finalising harmonised standards.

Methodology

Type
event-log
Construction
Multi-source verified
Cadence
event-driven

Sources consulted

  1. EUR-Lex — Diario Oficial de la UE (instrumentos consolidados) ↗ official
  2. Gibson Dunn — EU AI Act Omnibus Agreement: postponed high-risk deadlines ↗ press
  3. DLA Piper — The Digital AI Omnibus (update) ↗ press
  4. RegDossier — EU Compliance Deadline Tracker 2026-2028 ↗ press
  5. Covington Inside Privacy — What to Watch in 2026 (EU) ↗ press

Related pieces