Three Things You Need To Know: September, 16th 2025

China Cracks Down on Dior Over Data Transfers:

China’s Ministry of Public Security’s Cybersecurity Protection Department concluded an investigation into French fashion brand Dior (Shanghai) Co. over a May 2025 data breach. Authorities determined Dior unlawfully transferred Chinese user data to its headquarters in France without undergoing a mandatory security assessment, signing a standard contract, or obtaining certification under China’s Personal Information Protection Law (PIPL). Investigators also found Dior failed to properly notify users about data handling practices, did not obtain separate consent, and neglected to apply safeguards such as encryption and deidentification. The ministry confirmed “administrative penalties” were imposed on Dior under the PIPL framework. The case shows Beijing’s increasingly strict enforcement of its data security and privacy regime, signaling to multinationals that compliance with Chinese cybersecurity laws is not optional but central to continued market access. While Chinese authorities have attempted to reduce regulatory burdens on foreign firms, Dior’s penalty revives concerns about the opacity of compliance standards, particularly what counts as “required” versus “recommended” practice. For multinationals, this creates heightened uncertainty, forcing companies to overcompensate on compliance costs or risk punitive action.

We advise all multinational companies operating in China to conduct a thorough review of their data handling practices, ensure full compliance with PIPL requirements, and implement robust user-consent and encryption protocols to mitigate the risk of regulatory penalties.

 

Russian Drone Incursions Into NATO Airspace Heighten Tensions:

Between September 9 and 13, 2025, multiple Russian drones violated Polish and Romanian airspace, prompting NATO to reinforce its eastern flank. Poland reported 19 drone incursions, while Romania tracked a drone for nearly an hour before it exited its airspace. Analysts interpret these incursions as deliberate provocations by Russia, designed to test NATO’s response capabilities and signal operational reach. In response, NATO launched “Operation Eastern Sentry,” deploying military assets from Denmark, France, Germany, and the UK to strengthen surveillance, air defense, and rapid response readiness along the alliance’s eastern borders. The operation includes air patrols, mobile anti-drone systems, and enhanced coordination with local defense forces. These developments underscore the heightened risk environment across Eastern Europe, where political tensions, military escalation, and unintended confrontations remain significant concerns.

We advise multinational executives and business leaders to monitor official government travel advisories. We also encourage companies to review contingency plans for personnel safety, supply chain disruptions, and emergency communication protocols.

 

Right-Wing Political Commentator Charlie Kirk Assassinated:

Charlie Kirk, founder of the conservative organization Turning Point USA and a close ally of former President Donald Trump, was fatally shot during a public speaking event at Utah Valley University (UVU) in Orem, Utah. The suspect, identified as 22-year-old Tyler Robinson, reportedly held left-leaning political views and had become radicalized through online subcultures associated with Reddit and gaming communities. Investigators discovered bullet casings engraved with anti-fascist phrases and meme references at the scene. Robinson is currently not cooperating with authorities, and his motive remains under investigation. The incident has intensified concerns over political violence in the United States, particularly targeting public figures. The assassination of Kirk underscores the escalating risks faced by individuals engaged in public discourse. The use of a sniper rifle in a public setting has raised questions about security protocols at public events and the potential for similar attacks in the future.

We advise organizations hosting public events to review and strengthen security protocols, including access control, surveillance, and emergency response plans. We also advise monitoring potential threats from online radicalization along with the continuing political tensions and ensuring staff and participants are aware of safety procedures.

Related Posts