Manage consent with accessible templates, verify data subject requests with built-in identity checks, update risk scores faster, and stay current on global privacy laws.
This quarter’s updates introduce WCAG-aligned consent templates, structured DSR identity verification, faster multi-risk reviews, expanded PrivacyCentral standards, and new regulatory intelligence from Nymity Research.
Deploy accessible consent experiences globally
Cookie Consent Manager (CCM) Pro’s default cookie templates are automatically now WCAG 2.2 aligned. WCAG standards are widely used by many organizations to help achieve their digital web accessibility compliance obligations (e.g., the Americans with Disabilities Act and the European Digital Accessibility Act). You can read more in our FAQs.
Localization continues to expand. CCM Pro now supports 20+ Indian languages. Legacy templates include a built-in language selector so visitors can switch banner languages and review consent choices in their preferred language.
Scan visibility has improved as well. For customers who have Website Monitoring Manager, Website Monitoring scans now run under your account and link directly to the full Website Monitoring report, so you can review tracker details immediately after a scan completes.
Verify Data Subject Requests with Built-In Identity Verification
Data subject requests in Individual Rights Manager (IRM) now support international identity verification through IDology, including optional ID document scanning and challenge-question verification. Verification steps and outcomes are recorded directly in the request activity history.
If a requester fails the initial verification step, challenge questions provide a second attempt before the request is marked as failed.
Requests that do not pass verification can now be marked with a new “Unverified” request state, keeping them separate from verified requests until identity checks are completed.
Jurisdiction handling has also expanded. Dubai and Abu Dhabi are now selectable regions under the United Arab Emirates, allowing teams to route requests to the correct regional privacy framework for organizations operating in DIFC or ADGM jurisdictions.
Automation across DSR workflows has also expanded. New integration recipes allow requests to trigger validation and follow-up actions across connected systems, including updates, deletions, acceptance, or rejection based on match results.
Update risk faster and maintain clearer visibility into your data flows
A new Quick Action lets you calculate and update Data Processing Risk, Data Transfer Risk, and AI Risk for systems and business processes from a single guided workflow, allowing teams to update multiple risk types without navigating separate screens.
Data flow visibility has also improved. Nodes labeled “Multiple Entities” can now expand to reveal the systems, data subjects, or recipients grouped inside the flow, providing a clearer view of the entities behind each connection in your data map.
Maintaining your inventory is faster, too. Record Exchange now supports multi-select, allowing you to add multiple records at once, while bulk delete simplifies cleanup in the Third Party Discovery list.
New integration actions also allow risk workflows to trigger automated updates, including completing assessments or updating inherent risk.
New PrivacyCentral standards for better compliance
Assess and measure your organization’s compliance readiness across 130+ global laws and standards in PrivacyCentral. Leverage the new (and updated) standards to assess your compliance:
New Standards:
- EU – NIS2 Directive
- India – DPDP Rules
- UK – Privacy of Electronic Communications
- Taiwan – Personal Data Protection Act
- Taiwan – Enforcement Rules of the Personal Data Protection Act
Updated Standards:
- Chile – Law No. 19.628 on Personal Data Protection
- Colorado – Privacy Rights Rule
- Dubai – DIFC Data Protection Law 2020
- UK – UK GDPR (as amended by the Data Use and Access Act 2025)
- Brazil – LGPD
- New Zealand – Privacy Act
- China – Cybersecurity Law
Stay ahead with new Nymity privacy insights and laws
Our in-house privacy experts have been working hard, adding a large number of laws, updates, and content to Nymity Research. Gain a deeper understanding of privacy laws and topics, saving you time and money spent on privacy research and interpretation. Here are some of our latest updates:
Privacy Watch
- DoJ’s Bulk Sensitive Data Rule
- FTC Enforcement Trends
New Core Concepts
- Privacy Principles – Security
- Privacy Principles – Retention
- AI: AI Companions
- Information Security Governance
- Data Types – Location Data
- Individual Rights – Object to Processing
- Individual Rights – Access
New Topics
- Bangladesh – Personal Data Protection Ordinance
- Bosnia & Herzegovina – 2025 Law on Personal Data Protection
- Côte d’Ivoire – Data Protection Law
- Eswatini – Data Protection Act
- Liechtenstein – Data Protection Act
- Niger – Law No. 2022-59
New Responsible AI Topic
- Italy
- Japan
- US – Arkansas
- US – Illinois
- US – Maine
- US – Nevada
New Law Tables / Privacy and Cybersecurity Law Monitor
- Bangladesh – Personal Data Protection Ordinance No. 61 (2025)
- Brazil – Decree No. 12,622 (Authority on Children’s Law)
- Brunei – Data Protection Order
- China – Network Security Regulations
- Croatia – Regulations on the content and method of keeping records of employees employed by an employer
- Djibouti – Digital Code (Book Five: Consumer Law – Electronic Advertising and Direct Marketing)
- Djibouti – Digital Code (Book One: Protection of Personal Data)
- Ecuador – Resolution on Contractual Data Protection Clauses
- Ecuador – Regulation on Contractual Data Protection Clauses
- Iceland – Electronic Communications Act (ePrivacy)
- Israel – Law on Access to Digital Content After a Person’s Death (2024)
- Italy – AI Act
- Japan – Telecom Law
- Malawi – Data Protection Act
- Paraguay – Law No. 7593/25 on the Protection of Personal Data
- Peru – AI Law No. 31814
- Peru – AI Decree
- Portugal – Legal Framework for Cybersecurity (Decree-Law 125/2025)
- Switzerland – Federal Act on Information Security (Information Security Act, ISG)
- Taiwan – Basic AI Law
- UAE – Federal Decree-Law No. 26 on Child Digital Safety
- Vietnam – Law on Digital Transformations
- Vietnam – Law on Artificial Intelligence
- Vietnam – Decree 53/2022/ND-CP Cybersecurity Law
New United States legislation added
- US – Arkansas Cybersecurity Act
- US – California Civil Code Chapter 970 – Rental car companies electronic surveillance technology
- US – California Data Broker Registration and Accessible Deletion Mechanism (DROP Regulations)
- US – Louisiana Genomic Security Act of 2025
- US – Louisiana Online Protection for Minors
- US – Mississippi Walker Montgomery Protecting Children Online Act
- US – Nevada Provision of Health Services via AI by Schools and Health Providers
- US – New Mexico NMAC Amendment 2025 – Ethical Use of AI in Counseling and Therapy Practice
- US – New York Warning Labels for Addictive Social Media Platforms
- US – New York Technology Procurement Security Restrictions (A2237 / S3259)
- US – New York Responsible AI Safety and Education (RAISE) Act
- US – Texas Responsible Artificial Intelligence Governance Act (TRAIGA)
- US – Texas Government Code Chapter 2054 – Artificial Intelligence
- US – Texas Civil Practice and Remedies Code Chapter 100B – Liability for Financial Exploitation
- US – Texas App Store Accountability Act
- US – Utah App Store Accountability Act
- US – Utah Digital Choice Act
