Deadline watch

Use dated, source-checked signals to decide what deserves a checklist, brief, or monitoring rhythm.

This watch page separates active obligations from upcoming dates and turns them into safer first actions. Each item includes a source and last-checked note (2026-05-12). It is not a legal applicability decision.

Request deadline brief Get newsletter updates

How to read this page

active dates create evidence pressure.
future dates create preparation windows.
country/entity applicability still needs review.

Current watchlist

Active now · 2025-01-17

DORA applies

If finance or ICT-vendor exposure exists, set up continuous monitoring for critical services, owners, incident handling, testing, and third-party evidence.

Area: Finance / ICT third-party risk · Source: ESMA DORA page

Reviewed 12 May 2026.

Active now · 2025-06-28

European Accessibility Act application

Map covered product/service journeys, current statements, and obvious customer barriers before scoping remediation.

Area: Accessibility / ecommerce / digital services · Source: European Commission EAA page + Directive (EU) 2019/882

Reviewed 12 May 2026.

Active now · 2025-09-12

Data Act application

Prepare an inventory of data-access, portability, export, switching, and public claims before promising operational support.

Area: Data access / connected products / cloud switching · Source: European Commission Data Act page

Reviewed 12 May 2026.

Upcoming / phased · 2026-08 / 2027-08

AI Act high-risk rules

Prepare public-claim inventory, feature/use-case mapping, owner list, and evidence readiness before classification work.

Area: AI governance · Source: European Commission AI Act page

Reviewed 12 May 2026.

Upcoming · 2026-09-11

CRA reporting obligations

Map vulnerability handling, security-update ownership, product documentation, and supplier/security evidence.

Area: Software / hardware products with digital elements · Source: European Commission Cyber Resilience Act page

Reviewed 12 May 2026.

Future · 2027-12-11

CRA main obligations

Build product evidence ownership and lifecycle security routines early enough to avoid last-minute documentation work.

Area: Product cybersecurity · Source: European Commission Cyber Resilience Act page

Reviewed 12 May 2026.

Active / country follow-up · 2024-10-17

NIS2 national implementation deadline

Separate direct-entity analysis from supplier evidence pressure and country-specific implementation questions.

Area: Cyber / critical and important entities · Source: European Commission NIS2 implementing-regulation page

Reviewed 12 May 2026.

From article to action

Move from reading to a small, non-sensitive first review.

1. Read the note

Start with a plain-English regulatory note grounded in official sources.

2. Use the checklist

Download a starter checklist and collect only non-sensitive evidence for first-review scoping.

3. Request a clear first review

Turn the update into a small role/sector/country brief reviewed manually before deeper work.

4. Set a monitoring rhythm

If the pressure repeats, convert notes into a watchlist and recurring update rhythm.

5. Prepare an evidence pack

When deadlines or customers require proof, assemble review-ready structure without claiming legal compliance.

View the review path Request a scoped brief