France's e-invoicing mandate lands 1 September 2026. The developer's playbook.
The deadline nobody can opt out of On 1 September 2026, every business established in France that is subject to VAT — whether or not it actually charg…
Tech news from the best sources
The deadline nobody can opt out of On 1 September 2026, every business established in France that is subject to VAT — whether or not it actually charg…
I stopped treating the usability file as a compliance artifact years ago — it’s where product design and real people collide. When it’s done badly, th…
Mexico’s Public Registry of Commerce still runs through state-level implementation. Look up the same company twice and historical coverage can shift d…
We shipped eight endpoints on api.moltrust.ch (v2.5) this week. Three implement EU AI Act obligations directly. This is the short version for people w…
We built a SOC 2 reviewer for AI sessions — and kept AI out of the execution path AI coding tools now touch auth code, modify Terraform, handle creden…
Reuters reported this week that Beijing is considering limits on overseas access to China's most advanced AI models. No final rule has been announced.…
How to Prepare ECS Fargate for SOC 2 Compliance Originally published at https://fortem.dev/blog/ecs-compliance-soc2 AWS being SOC 2 certified doesn't …
TL;DR: Global organisations faced £1.23 billion in KYC/AML penalties in H1 2025. TD Bank's £3 billion fine was not really about money laundering. It w…
The UAE fintech sector spans three distinct regulatory authorities. Whether you are building for the CBUAE-licensed mainland, the DIFC, or the ADGM, t…
If your startup is going for ISO 27001, the document the auditor opens first is the Statement of Applicability (SoA) . Most engineering teams build it…
Monaco lists roughly 14,000 active entities in the Registre du Commerce et de l’Industrie (RCI). The register is small. That scale changes how you rea…
Eighty-two percent of data breaches in healthcare don't happen because of a sophisticated nation-state actor; they happen because a junior engineer ac…
If you work anywhere near payments, banking, crypto, or fintech in Europe, a new acronym is about to land in your backlog: AMLA — the EU's Authority f…
I support CE-marked Class IIa/IIb devices under MDR every week. Choosing an eQMS is rarely a technology decision alone — it’s a systems, audit-readine…
Why your cloud hosting keeps losing government contracts (and how to fix it) Your infrastructure might be bulletproof, but if you can't document it pr…
Every week I see the same question in AI governance communities: "We already have NIST AI RMF implemented. Does that cover our EU AI Act obligations?"…
If you build, run, or audit systems that touch protected health information (PHI), the HIPAA risk assessment is the document that quietly decides whet…
The deadline, stated plainly On August 2, 2026 — two months out as I write this — the EU AI Act's high-risk obligations under Annex III reach full enf…
TL;DR: The EU AI Act's high-risk provisions take effect August 2026. Your multi-agent pipeline is covered. But the regulation doesn't define "bias," d…
A new AI compliance service sits between AI models and end users to flag and replace any messages that might present a compliance problem.
Your ISMS is certified. Your Statement of Applicability covers the controls. Your auditor arrives and runs a DNS lookup on your domain. dig _dmarc.you…
The NIS2 directive became enforceable in EU member states in October 2024. It applies to roughly 160,000 organizations across Europe — significantly b…
When most people think about UK data sources to scrape, they go straight to Companies House. And they should — it's an excellent dataset. But there's …
You just watched a $32 million YC startup implode because they faked SOC 2 evidence for 494 companies. The Delve scandal, broken by Captain Compliance…
TL;DR: We built our first generation of compliance tooling on top of one of the big three cloud AI platforms. We fed it our screening data, our edge c…
Сразу важное: я не юрист. Я инженер, который пилит свой DNS-резолвер по ночам, и читал законы не от хорошей жизни, а потому что это мой бизнес, и мне …
В 2022–2024 западные CNAPP-платформы — Wiz, Prisma Cloud, Lacework — закрыли доступ для российских компаний. Сбер и Яндекс собрали свой стек на коленк…
Everyone talks about software EOL. Nobody talks about hardware EOSL. End-of-Support-Life (EOSL) hardware creates exactly the same security exposure as…
Most developers know about EOL software the way they know about eating vegetables. Sure, you should stay current. But the real reason to act isn't hyg…
Most compliance failures are not discovered in production. They're discovered in audit prep — when someone finally looks at what's actually running. S…