Press release

GA-Alliance lands in Pakistan: strategic partnership signed with Axis Law Chambers

MILAN – 29 January 2026

GA-Alliance, a global legal and tax firm with more than 2,600 professionals in 80 countries, announces its entry into the Pakistani market. The strategic partnership with Axis Law Chambers, a leading full‑service law firm in the region, marks a further expansion of GA‑Alliance’s network, which today covers geographies that generate nearly 90% of global GDP.

The agreement strengthens GA‑Alliance’s commitment to its “one‑stop‑shop” strategy. By integrating local expertise with the highest global standards, the Alliance offers clients a single, efficient access point for all legal and tax needs. This model removes the complexities of managing multiple advisers across different jurisdictions, delivering a coordinated and seamless experience that prioritizes clarity and business growth.

Axis Law Chambers brings to the Alliance a reputation for excellence, particularly in high‑value cross‑border mandates and advice on complex regulatory matters. Regularly listed by Chambers and Partners and The Legal 500, Axis Law stands out for its transactional work in corporate matters, mergers and acquisitions (M&A), employment law, intellectual property, foreign investment, public‑private partnerships, corporate governance, antitrust, tax, data protection and sectoral compliance. The firm advises clients in key industries such as energy, oil & gas, mining, healthcare, telecommunications, automotive, financial services, defense, retail, manufacturing, agriculture, media, IT, logistics, real estate and non‑profit organizations.

Axis Law also boasts one of Pakistan’s most authoritative dispute resolution practices, including litigation and international arbitration, with solid experience in proceedings before ICSID (International Centre for Settlement of Investment Disputes, based in Washington, D.C., and part of the World Bank), ICC (International Chamber of Commerce, based in Paris) and LCIA (London Court of International Arbitration, based in London). This depth of expertise ensures GA‑Alliance clients receive top‑level support in the world’s fifth most populous country, one of the most dynamic economies in Asia.

Francesco Sciaudone, Managing Partner of GA‑Alliance, emphasized the strategic importance of the operation: “Our entry into Pakistan through the partnership with Axis Law Chambers is another step that strengthens our global growth path. At GA‑Alliance, the goal is to simplify complexity for our clients. By extending our ‘one‑stop‑shop’ model to an outstanding Pakistani firm, we are increasingly able to offer our clients the ability to operate with confidence in a very large number of markets worldwide. We are not only expanding our geographic presence; we are enhancing a sophisticated ecosystem where international best practices and precision meet local market leadership to meet clients’ needs in a simple, direct and highly efficient way.”

About GA‑Alliance

With more than 2,600 professionals in 80 countries, GA‑Alliance is a global legal and tax firm with deep European roots, combining a strong legal tradition with a broad international presence. Founded on principles of excellence and innovation, GA‑Alliance offers integrated, multidisciplinary expertise and positions itself as a strategic partner to promote sustainable growth in an ever‑evolving regulatory environment.

About Axis Law Chambers

Axis Law Chambers is a leading Pakistani law firm recognized for excellence in corporate and transactional advice and in resolving commercial disputes. With a team of over 30 professionals and seven partners, the firm assists national and multinational clients in high‑impact transactions, regulatory compliance and complex dispute resolution matters, including international arbitrations.

GA-Alliance has recently supported the European Commission’s Directorate-General for Economic and Financial Affairs (DG ECFIN) by leading a study on the cross-border Cash-in-Transit (CIT) market.

The study assessed the legal, economic, and operational framework governing the professional cross-border transport of euro cash under Regulation (EU) No 1214/2011. Drawing on extensive stakeholder consultations, the study also examined the Regulation’s practical application more than a decade after its entry into force, identifying key challenges related to enforcement, market functioning, and operational efficiency.

Based on these findings, the study put forward a set of policy-oriented considerations to support the European Commission in shaping an informed position on the future of the Regulation, taking into account the EU’s broader policy objectives, including competitiveness, the digital and green transitions, and Better Regulation principles.

Overview of Cross-Border Euro Cash Transport

The cross-border transport of euro cash is a highly regulated activity within the euro area. Since 2011, this activity has been governed by Regulation (EU) No 1214/2011, which introduced a partially harmonized framework for the professional cross-border transport of cash by road. The Regulation sought to balance fair competition and high safety standards with national flexibility in areas where full harmonization was not considered appropriate.

More than a decade after its entry into force, the Regulation has delivered mixed results. In its 2022 implementation report, the European Commission identified shortcomings, including uneven monitoring and enforcement across Member States, limited awareness of the rules among operators, and operational inefficiencies linked to divergent national transport arrangements. These challenges raised questions about the Regulation’s effectiveness and its continued suitability for the evolving European cash landscape.

Commission Study: Purpose and Scope

Against this backdrop, the European Commission’s Directorate-General for Economic and Financial Affairs commissioned a comprehensive study to assess the existing economic and legal framework applicable to cross-border Cash-in-Transit (CIT) services. The purpose of the study – which GA-Alliance was entrusted with leading – was to provide the Commission with a robust analytical basis for deciding whether the Regulation should be reviewed.

To this end, the Study delivered an in-depth examination of the legal, economic, and operational dimensions of cross-border CIT activities within the euro area. From a legal perspective, it assessed inconsistencies arising both from the internal design of the Regulation and from its interaction with broader EU policies. From an economic standpoint, it analyzed the structure and functioning of the cross-border CIT market, identifying key constraints to efficiency and competition. The assessment was grounded in extensive stakeholder consultations, ensuring that the analysis reflected practical experience and lessons learned since the Regulation’s adoption.

Building on this analysis, the study explored four alternative policy scenarios designed to address the identified shortcomings. These scenarios ranged from maintaining the existing regulatory framework while strengthening its implementation through non-legislative measures, to simplifying, substantially revising, or repealing the Regulation. Each scenario was assessed also within the European Union’s wider policy agenda, by taking into account the digital and green transitions, the European Commission’s Better Regulation principles, ongoing efforts to reduce administrative burdens and regulatory complexity, and the Draghi Report’s recommendations on strengthening EU competitiveness.

Based on its findings, the study formulated a set of policy-oriented considerations intended to support the European Commission in shaping an informed position on the future of Regulation (EU) No 1214/2011. These considerations aim to enhance legal certainty, improve market functioning, and ensure that the regulatory framework remains fit for purpose in a changing economic and policy environment.

Governance, Resilience, and Market Access

INDEX

• Executive summary
• Regulatory standstill and outlook
• Strategic imperatives and the evolution of digital governance
• Next Steps
• Conclusion

Download the Client Alert!

Executive summary 

On 20 January 2026, the European Commission presented a comprehensive “Cybersecurity Package”, proposing a targeted revision of the “EU Cybersecurity Act” (originally adopted as Regulation (EU) n. 2019/881) alongside amendments to Directive (EU) n. 2022/2555 (“NIS2 Directive”).

The original 2019 framework established a permanent mandate on the “European Union Agency for Cybersecurity” (“ENISA”) as the Union’s central technical authority and introduced the “EU Common Criteria-based” (“EUCC”)scheme, laying the foundations of the European cybersecurity certification system. 

Since then, the overall set of existing and emerging threats, has evolved considerably. Modern attacks frequently disrupt vital operations and industrial networks, revealing structural flaws in cross-border coordination. 

The 2026 proposal arrives at a critical juncture where cyberattacks no longer target data alone, but increasingly jeopardise critical infrastructure, essential services, as well as global supply chains. These vulnerabilities are compounded by hybrid threats and growing geopolitical dependencies on foreign technologies. 

Consequently, the proposal moves beyond mere technical standards to address systemic bottlenecks, aiming by reinforcing ENISA’s mandate and restructuring the certification architecture to ensure greater uniformity across the internal market. Additionally, it establishes a formal mechanism to manage risks within ICT supply chains, including the identification of high-risk providers and the implementation of safeguards in high-priority sectors.

For businesses, cybersecurity is no longer confined to regulatory compliance. It directly affects market access, contractual stability, investment planning, and long-term competitiveness within the European digital economy. 

The proposal will now follow the ordinary legislative procedure before the European Parliament and the Council of the EU, then entering a phase of interinstitutional negotiation and technical refinement. If adopted, it is likely to redefine both regulatory obligations and competitive dynamics within the European digital market.

Regulatory standstill and outlook 

The proposed reform initiative marks a shift from a predominantly technical compliance regime toward an integrated governance model anchored in institutional consolidation. At its core lies the strengthening of ENISA as the Union’s central technical authority.

By formalising the Agency’s role in drafting candidate schemes and providing structured technical support to national authorities, the European Commission seeks to eliminate the fragmented national practices that have historically undermined mutual recognition across the EU. This approach ensures a uniform interpretation of assurance levels (ranging from “basic” to “high”) while harmonising evaluation methodologies to facilitate a truly smooth internal market. 

The expansion of ENISA’s mandate includes operating a central EU-wide threat repository, issuing strategic early warnings, managing a unified incident reporting platform, and coordinating large-scale cybersecurity exercises across Member States. These functions position ENISA as the European Union’s definitive technical reference body, bridging the gap between high-level policy and real-time operational coordination.

In the meanwhile, the reform seeks to increase the practical relevance of EU certification schemes. Acknowledging that voluntary schemes have had limited adoption, the European Commission is refining procedures and linking certification more closely with other EU product regulations. This strategy eliminates administrative redundancies and prevents the duplication of audit requirements.

Certification development has also been modernised: new procedures incorporate proportionality principles, encourage international cooperation, and set a clear 12-month timeline for ENISA to propose new schemes. By prioritizing global interoperability, the EU intends to reduce compliance burdens for European companies while establishing its certification framework as a leading international standard.

Most significantly, the revision introduces a step change in supply chain security, treating certification as a tool for technological resilience during geopolitical instability. The creation of mechanisms to identify and monitor high-risk suppliers across eighteen critical sectors represents a decisive move against systemic risks. For the first time, the EU framework allows for the potential withdrawal of deployed products if a supplier is reclassified as high-risk, posing operational and financial implications for critical infrastructure and digital services.

Strategic imperatives and the evolution of digital governance

The proposed reform introduces a comprehensive change in how organisations must operate within the European digital setting, moving from isolated product-focused security to a holistic approach that emphasises organisational maturity.

Companies will be required to implement advanced governance through documented policies, rigorous internal processes, comprehensive control mechanisms, and risk management structures that transcend traditional technical boundaries. As the certification framework expands to encompass cloud services, 5G networks, managed security services, and overall cyber posture, technology providers will face heightened regulatory scrutiny and extended time-to-market cycles, even as their clients benefit from verified security standards. 

Crucially, the introduction of high-risk supplier mechanisms necessitates a proactive approach to supply chain resilience. This forces entities to assess geopolitical dependencies and monitor interconnected infrastructure. Organizations must, therefore, prepare for the potential replacement of hardware and revise contractual frameworks to mitigate the operational shocks of supplier reclassification. 

For small and medium-sized enterprises, this shift creates a dual challenge. Increased reliance on certified vendors may simplify security management while simultaneously driving up procurement costs. Consequently, these firms will require a higher degree of technical due diligence to remain competitive.

On the operational side, the centralisation of reporting through ENISA’s unified platform will significantly intensify obligations for “Security Operations Centres” (“SOCs”). These entities, alongside “Computer Security Incident Response Teams” (“CSIRTs”), must integrate deeply with EU-level reporting systems. While this improves situational awareness across the Union, it also introduces considerable administrative burdens. 

Next steps 

The proposal will follow the ordinary legislative procedure, requiring both the European Parliament and the Council to adopt their respective amendments. Afterwards, it will enter a phase of interinstitutional negotiations and technical refinement, aimed at balancing security measures with the practical needs of the market.

Conclusion 

The proposed reform of the “EU Cybersecurity Act” signals a transition from fragmented technical standards to a unified, geopolitically aware governance model.

• The consolidation of powers around the European Union Agency for Cybersecurity reduces national divergence and centralises threat reporting and operational coordination at EU level.
• Certification is now a tool for technological resilience rather than just a quality mark. The power to exclude high-risk suppliers in critical sectors forces a fundamental reassessment of thirdparty dependencies and hardware lifecycles.
• Closer alignment between certification schemes and horizontal product legislation increases the regulatory weight of EU certificates in determining market access and competitive positioning.
• Cybersecurity becomes a board-level responsibility, requiring integrated risk management, structured oversight to ensure alignment with enhanced EU-wide reporting obligations.