2nd February 2026
Cambodia Issues New Technology and Cyber Risk Management Guidelines for Banks and Financial Institutions
The National Bank of Cambodia issued the Technology and Cyber Risk Management Guidelines (TCRMG), setting mandatory expectations for banks and financial institutions across governance, cybersecurity operations, resilience, outsourcing, cloud adoption, and customer data protection. The Guidelines replace the 2019 technology risk guidance and establish measurable maturity requirements including annual penetration tests and biennial red-team exercises.
Cambodia
Cybersecurity
Banking
Read Full Article →
15th December 2025
Vietnam Enacts Landmark on New Cybersecurity Law
Vietnam's National Assembly promulgated the Law on Cybersecurity on 10th December 2025, establishing an expansive regulatory framework governing cyberspace activities, information systems protection, and cybersecurity incident response. Effective 1st July 2026, this comprehensive legislation imposes substantial obligations on domestic and foreign entities operating in or serving the Vietnamese market, including strict data localization requirements, rapid government response protocols, and content moderation obligations.
Vietnam
Cybersecurity
Data Localization
Read Full Article →
1st December 2025
India Finalizes Digital Personal Data Protection Rules
India has finalized the Digital Personal Data Protection Rules, 2025 (the "DPDPA Rules"), published in the Official Gazette on 13th November 2025 under notification G.S.R. 846(E). These Rules operationalize the Digital Personal Data Protection Act, 2023, establishing detailed mechanisms for data protection compliance, consent management, breach notification, and enforcement. The framework introduces a phased implementation approach with provisions taking effect between November 2025 and May 2027, and includes an innovative Consent Manager framework for centralized consent governance.
India
Data Protection
Compliance
Read Full Article →
20th October 2025
China Finalizes Certification Route for Cross-Border Personal Data Transfers
The Cyberspace Administration of China (CAC) and the State Administration for Market Regulation (SAMR) jointly issued the Measures for Personal Information Cross-Border Transfer Certification (Order No. 20), effective 1st January 2026. These Measures establish the certification pathway for organizations transferring moderate volumes of personal data internationally, completing China's three-tiered cross-border data transfer regime. The certification route offers a streamlined alternative for non-CIIOs transferring 100,000 to less than 1 million individuals' personal data or fewer than 10,000 individuals' sensitive personal data.
China
Data Transfers
Compliance
Read Full Article →
15th August 2025
Cambodia's Draft Law on Personal Data Protection
Cambodia finalized its landmark Draft Law on Personal Data Protection on 23rd June 2025, establishing comprehensive data protection principles and mechanisms. The law covers both automated and non-automated processing, extends jurisdiction to foreign entities serving Cambodian data subjects, and designates the Ministry of Post and Telecommunications as the regulatory authority. Organizations face fines up to 600M Riels or 10% of annual turnover, with a two-year transition period for compliance.
Cambodia
Data Protection
ASEAN
Read Full Article →