CattleGrid
EU AI Act Omnibus Agreement


What happened on 7 May 2026

The European Council and European Parliament reached provisional political agreement on the Digital Omnibus on AI — a legislative package designed to simplify and streamline how the EU AI Act is implemented. This is a real and material change to the timeline. It is not a rewrite of the Act’s core architecture. The risk-based framework — prohibited practices, high-risk systems, transparency obligations, governance requirements — remains entirely intact. The Omnibus requires formal adoption and publication in the Official Journal before it becomes binding law. On the basis of political agreement between both co-legislators, it…

Brian Painting
You Don’t Have a Compliance Team. Here’s What That Means When Your Staff Use AI.


In enterprise technology there was a challenge with what was called “skunk works”. There’s the software companies use and buy, and then there’s the stuff people make and create to do their work. Bits of orphan code that glue workflows together. Workarounds installed years ago. Some with a corporate memory. Most without documentation. My first customer services team at Microsoft used a CRM the team built on Access and Crystal Reports. Ran the whole department for a couple of years. I came across a consultant once in a large teaching hospital, who proudly showed me the macro-ridden spreadsheet that…

Brian Painting
WHOSE FLAG PROTECTS YOU?


A Series of 9 Posts
Prepared 05-03-2026

Contents
1. Two Flags, One Problem — Why Neither Superpower Is Safe for European Data
2. The Warrant vs The Obligation — How Each Government Reaches Your Data
3. FISA Section 702 — The Surveillance Programme That Europe Cannot Ignore
4. China’s Seven Laws — The Cage That No Contract Can Open
5. The Adequacy Illusion — Why the Data Privacy Framework Doesn’t Solve the Problem
6. The Uncomfortable Similarities — What the US and China Actually Have in Common
7. Encryption — The One Technical Measure That Might Change the Equation
8.…

Rob Harrison
THE WISDOM OF FOOLISHNESS


Contents
1. Public-Key Cryptography — The “Fool’s Errand” That Secured the Internet
2. The Crypto Wars — When Encryption Was a Crime
3. Zero Trust — From “Neat But Impractical” to Presidential Executive Order
4. Full Disclosure — “Information Anarchy” That Saved Us All
5. Penetration Testing — “You Want to Pay Someone to Hack Us?”
6. Bug Bounties — Paying Strangers to Break Your Software
7. Multi-Factor Authentication — “Too Inconvenient” to Bother With
8. Open Source Security — “You’re Giving Attackers the Blueprint!”
9. The Pattern — Why the Establishment Always Gets It Wrong First

Post 1: Public-Key…

Rob Harrison
The Current Security Landscape


• Average UK breach cost: £3.29 million (financial services: £5.74 million)
• Shadow AI breaches cost an additional £498,000
• Internal threats (malicious/negligent/compromised) account for 30% of breaches
• 63% of breached organisations lacked AI governance policies
• Only 31% of UK organisations have governance policies for AI usage

The attacks that succeed—phishing campaigns exploiting human behaviour, insider threats, shadow AI data leakage, supply chain compromise—occur in the 90% of the attack surface that basic technical controls cannot address. For organisations serious about security, the question is not whether to obtain Cyber Essentials (government procurement may require it), but whether…

Brian Painting
We’re going to need a bigger boat


I say this by way of explanation. It’s my job. Here at CattleGrid we’re building a tool that’s at the intersection of governance and technology, AI technology specifically. Fingers on the pulse. However, at the moment that pulse is racing. The rate of change is astonishing. The usually staid commentary of the corporate world is buzzing with enthusiasm tempered with some measure of alarm. From a VP at Meta getting her inbox wiped by a rogue openclaw instruction through to the kill chains in the American attacks on Iran, AI is the debate everyone’s having. And it’s the thing everyone’d…

Brian Painting