THE DLegendDigital NEWSLETTER
The brief for technology experts
using new technology responsibly.
The Current is published the 1st and 15th of every month — a brief for technology leaders working with AI, cloud, and cybersecurity in the real world — build, run, migrate, modernize, govern. For CIOs, CTOs, CISOs, architects, and the engineering, operations, and compliance leaders translating new technology and policy churn into Monday-morning decisions.
Human vision, AI execution.
Why it's worth the inbox space
Built for technology leaders doing the actual work.
CIOs, CTOs, CISOs, architects, engineering and operations leaders — and the compliance practitioners working alongside them. For technology experts working with, creating, managing, and migrating new technology in the real world, and needing to do it without cutting the corners that come back to bite.
AI in the real world.
How technology teams are actually evaluating, deploying, and governing AI in regulated workflows — model choices, vendor risk, and the checks that matter, without the think-piece filler.
The tooling we build, and why.
First-look context on toolkit releases, formula logic, and the field lessons that drove each build. If we changed our mind about something, we say so.
Responsibility, as a practice.
NIST CSF revisions, SOC 2 changes, EU AI Act enforcement milestones — the guardrails around the technology you work with, translated into what your audit committee will ask on Monday.
One read, ~5 minutes.
The 1st and 15th of every month. One pillar per issue on an 8-week rotation — AI, cybersecurity, cloud, legislation. No roundups, no cross-promotion, no unsubscribe guilt.
We write the issue we'd have paid for in our last CISO role — the one that would have saved the quarterly briefing from being rewritten at 11 p.m. the night before.
See a real issue first
Read before you subscribe.
Every issue of The Current publishes as both an email and a public archive page. Open a recent one, read it end-to-end, and decide from there.
Read the full issueThe Current #4 — Your real vendor list has 50,000 names. Three April compromises proved it.
Inside this issue
- Axios. SAP CAP-JS. PyTorch Lightning. Three poisoned packages in thirty days proved your vendor risk register is missing 49,965 names. SBOM is no longer optional.
- Framework update — what shifted, and what your auditor will ask.
- AI policy, in plain English — one ruling or disclosure that matters.
- Field note — a lesson from a toolkit build we released.
Archive
Every issue, every time.
New readers never miss context. Click into any issue below.
The Current #4 — Your real vendor list has 50,000 names. Three April compromises proved it.
Axios. SAP CAP-JS. PyTorch Lightning. Three poisoned packages in thirty days proved your vendor risk register is missing 49,965 names. SBOM is no longer optional.
Past issues
The Current #3 — The state AI law map just split. Here's what your compliance plan actually has to do.
Texas live. California live. Colorado paused. "Wait for federal" is no longer a defensible compliance posture for any company doing AI across more than a couple of states.
The Current #2 — 90 days to the EU AI Act's high-risk deadline. What US teams actually have to do.
August 2, 2026 is when the EU AI Act's high-risk-system obligations kick in. Here is the short list of what US-based organizations with EU exposure need on file — and what can wait.
The Current #1 — Welcome + NIST CSF 2.0 Toolkit Launch
Welcome to The Current — DLegendDigital's twice-monthly brief for compliance practitioners. In this issue: the NIST CSF 2.0 Toolkit launch, a field note on the metric most programs get wrong, and what's coming in issue #2.