Blog  /  Compliance & Legal
10 Articles

Compliance & Legal

PCI DSS 4.0 added DMARC as a requirement in March 2025 for any organisation handling cardholder data, with monthly fines from $5,000 to $100,000 for non-compliance. NIS2 and DORA in the EU recognise email authentication as a required cybersecurity control. GDPR enforcement remains active. This category maps the legal frameworks (CAN-SPAM, CASL, GDPR, LGPD) onto operational practice — what consent looks like, what a one-click unsubscribe must do under RFC 8058, and how regulated industries (healthcare, financial services) configure email infrastructure to meet HIPAA and FINRA requirements.