ELDR Observatory/REGULATORY
ELDR Intelligence · Continuous Monitoring

ELDR Regulatory Observatory.

Continuous monitoring of regulatory developments across EU, US, UK, and Nigerian regulatory environments — tracking the developments that create documentation and compliance obligations for institutions in ELDR's practice sectors.

Observatory Mission

The ELDR Regulatory Observatory monitors cross-jurisdiction regulatory developments in information security, AI governance, data protection, financial services regulation, healthcare technology regulation, and enterprise technology governance. Coverage is organized by the regulatory environment's materiality to ELDR's practice sectors — financial services, healthcare, technology, federal, and African markets — rather than by regulatory geography alone.

Coverage Scope
EU AI Act and GDPR enforcement developments
US SEC cybersecurity disclosure rule enforcement
FFIEC IT examination expectation evolution
UK FCA Consumer Duty and PRA prudential developments
NIST standards and guidelines development pipeline
FDA AI/ML regulation evolution
CISA directive activity and federal cybersecurity requirements
ELDR Signal Premium

Observatory intelligence and analysis published first to Signal Premium subscribers — 30-day exclusivity window before public release.

Subscribe
Current Intelligence Signals

Key developments monitored by the Regulatory Observatory — updated through ELDR practitioner observation and primary source analysis. Signal Premium subscribers receive detailed analysis and implications assessments.

The SEC's cybersecurity disclosure rules (effective December 2023) require material cybersecurity incident disclosure within four business days and annual cybersecurity risk management disclosures. Enforcement of the 'materiality' determination standard is becoming increasingly specific — and creating documentation obligations for incident assessment processes that most organizations have not yet formalized.
SEC Cybersecurity Disclosure Enforcement
SEC
EU member states are at varying stages of NIS2 Directive transposition into national law. NIS2 expands the scope of entities subject to cybersecurity requirements significantly relative to the original NIS Directive — healthcare, digital infrastructure, and financial market infrastructure entities face new obligations in many member states. NIS2 audit documentation requirements are materially different from existing GDPR documentation practices.
NIS2 Directive Implementation
EU
EU Digital Operational Resilience Act (DORA) entered into application January 2025 for financial entities. Third-party ICT risk management documentation requirements under DORA — register of ICT third-party service providers, contractual requirements, oversight documentation — are creating significant documentation program obligations for affected entities.
DORA Digital Operational Resilience
EU
FFIEC member agencies (OCC, Fed, FDIC, CFPB, NCUA) are developing AI examination guidance. The emerging examination expectation framework is converging on NIST AI RMF alignment with sector-specific evidence requirements — financial institutions with AI deployments are building documentation programs without settled examination expectations to build toward.
FFIEC AI Examination Expectations
FFIEC
The UK's Cyber Security and Resilience Bill is progressing through Parliament — it will expand NIS regulations, introduce new mandatory reporting requirements, and extend cybersecurity obligations to more sectors. Documentation obligations will align partially with NIS2 but maintain UK-specific requirements in a post-Brexit regulatory environment.
UK Cyber Security and Resilience Bill
UK
Intelligence Standard

Observatory intelligence is sourced from primary regulatory texts, official agency publications, and ELDR practitioner observation. Analysis is produced under the ELDR Institute Editorial Charter. Secondary media sources are not the primary basis for any Observatory signal.

ELDR Signal · Daily Intelligence

Observatory intelligence,
in your inbox daily.

Subscribe Free to ELDR Signal

Signal Premium for full Observatory analysis →