Think twice before sending your next text message. Or better yet, make sure you are using an end-to-end encryption method.

Consumers regularly use different types of messaging technology from the biggest technology companies, including Apple, Alphabet and Meta Platforms, among them iMessage, Google Messages, WhatsApp and SMS, but the level of protection varies. Now, the U.S. government is expressing greater concern after a recent massive hack of the nation’s largest telecom companies.

Last month, the Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation revealed a campaign by hackers associated with China, Salt Typhoon, that compromised AT&T and Verizon, and others, and was one of the largest hacks of U.S. infrastructure in history. Following that warning, CISA, the National Security Agency, the FBI and international partners published a joint guide to help protect Americans. One suggestion is to use end-to-end encryption, a method that makes communications more secure.

End-to-end encryption helps ensure that only the intended recipients can read your messages as they travel between your phone and another person’s phone. Secure messaging apps use end-to-end encryption to protect communications from hackers, surveillance and unauthorized access, so even messaging app providers can’t read your messages.

“All things being equal, if you have the opportunity to use a platform that’s end-to-end encrypted, you should,” said Michael Hughes, chief business officer of Duality Technologies, which allows organizations to share and analyze sensitive data using encryption.

Many consumers don’t know their options for communicating securely over messaging apps. Here are the basics.

WhatsApp, Signal among best end-to-end options

Consumers use different messaging apps for various purposes, often without giving a second thought to security. However, there are notable differences among platforms that people need to be aware of. 

From a security perspective, free messaging apps like Meta’s WhatsApp and Signal — whose co-founder was one of the creators of WhatsApp — are considered the best because end-to-end encryption is built in. That makes these apps highly preferable to SMS and MMS, two older methods of messaging that don’t offer end-to-end encryption, said Trevor Horwitz, founder of TrustNet, a cybersecurity and compliance services provider.

Even platforms considered the best for end-to-end encryption have downsides. Signal is a favorite among many privacy enthusiasts because its mission emphasizes not collecting or storing sensitive information. This can be especially compelling for people who are wary of WhatsApp’s parent Facebook and its privacy practices. The downside to Signal is it’s not as widely used as WhatsApp and if your contacts aren’t on it, you can’t communicate, said Roger Grimes, an analyst at KnowBe4, a security platform provider.

There are also paid messaging apps that are end-to-end encrypted, such as Threema. It’s privacy by design and no phone number or email address is required, but it costs a few dollars, and getting your friends and family to join when there are free options that are already popular might be a challenge.

Most people will use encryption “if it’s default and they don’t have the slightest inconvenience,” Grimes said.

RCS and iMessage

Many messaging platforms now use RCS, which stands for Rich Communication Services. It’s a successor to SMS and MMS that has enhanced features and also offers the ability for end-to-end encryption, though not by default on all devices. For example, RCS messages using Google Messages are automatically upgraded to end-to-end encryption, but Apple’s implementation of RCS on iPhones is not end-to-end encrypted, Horwitz said. 

For any Apple device user, the company’s proprietary iMessage app is end-to-end encrypted, but for users sending RCS messages through other text plans, such as a mobile carrier text option, end-to-end encryption isn’t offered. As Apple itself explains of messages sent through non-iMessage RCS options: “They’re not protected from a third-party reading them while they’re sent between devices.”

Additionally, not all devices are compatible with RCS and it’s not universally supported by carriers. Plus, there are compatibility issues between some iPhone and Android devices that are still being worked out, Horwitz said. 

Facebook Messenger gaps in encryption

It’s even more complicated because technology companies have multiple messaging products and not every application from a particular provider supports end-to-end encryption in the same way. For example, Facebook Messenger offers end-to-end encrypted messages, but not in all cases. According to Facebook, some products don’t currently support end-to-end encryption, such as community chats for Facebook groups, chats with businesses or accounts using business messaging tools, Marketplace chats and others. 

Consumers should try to dig deeper into the apps they are using to understand how end-to-end encryption works for a particular app, said Deirdre Connolly, cryptography standardization research engineer at SandboxAQ, an AI applications developer. This information is often available in the support or privacy section of a provider’s website. But even then, it can be hard to find and decipher. “You have to go into the fine print,” Connolly said.

Google vs. Apple

Google Messages is the default messaging app on many devices running the Android operating system and many people use it to communicate, but consumers need to understand that not all messages sent or received using the app are end-to-end encrypted. The app supports end-to-end encryption when messaging other users using Google Messages over RCS, according to the company. But messages aren’t end-to-end encrypted when communicating with an iPhone user, for example. Text messages appear dark blue in the RCS state and light blue in the SMS/MMS state. Users will also see a lock symbol when end-to-end encryption is active in a conversation. 

In Apple’s case, communications between two iMessage users are end-to-end encrypted, but iMessage is an Apple-specific platform. That means, at present, communications between iMessage users and Android device users aren’t end-to-end encrypted. A green message bubble instead of a blue one indicates the message was sent using MMS/SMS instead of iMessage.

In fact, a Department of Justice antitrust case against Apple harps on the failure to offer end-to-end encryption outside its iOS messaging app as a monopoly concern.

Protocols are being developed to allow end-to-end encryption between different communication platforms using RCS, but that’s still a work in progress. “Work with key industry stakeholders is progressing well and we look forward to updating the market in the coming months,” said a spokesperson for GSMA, an industry organization spearheading this effort. 

Phone settings and ongoing risk of hacks

One thing people should do is check the settings on their phones. Many consumers have older phones and those who don’t have auto updates enabled may miss critical security updates, which could include messaging apps that allow for end-to-end encryption, said Chris Henderson, senior director of threat operations at Huntress, a cybersecurity company. Also, with a new phone, settings on transferred apps might not migrate. If you have enabled end-to-end encryption for apps on your prior phone, it’s also a good idea to check that the settings are enabled on the new phone as well, Henderson said.

End-to-end encryption is not foolproof because hackers can intercept users’ communications in other ways, such as if the device itself is compromised, Horwitz said. For security purposes, it’s also important to keep your devices healthy by installing all software updates, avoiding sketchy downloads, and performing periodic reboots.

Even so, using end-to-end encryption is a good practice, when available. “Threat actors go where the masses go,” said Kory Daniels, global CISO for Trustwave, a cybersecurity and managed security services provider. “If the masses are still using unencrypted communication methods, [bad actors] will continue to exploit the opportunity until users begin to evolve their digital behaviors.”

CEO of Chinese smartphone brand Honor resigns due to personal reasons

George Zhao, the chief executive of Chinese smartphone firm Honor, has resigned from his position due to personal reasons, the company said on Friday.

“The company and the Board of Directors sincerely appreciate Mr Zhao’s outstanding contributions to the company during his tenure,” Honor said in a statement.

Jian Li, who’s been at Honor for four years in various senior management positions, will succeed Zhao as CEO.

In an internal memo posted by Chinese media and confirmed as accurate by an Honor spokesperson, Zhao said he was stepping down due to health reasons and planned to rest, recover and spend more time with his family.

Zhao called the decision to leave Honor “the most difficult decision” he has ever made.

Honor was spun off from Chinese telecommunications giant Huawei in 2020 in a bid to avoid U.S. sanctions that were crippling Huawei’s smartphone business.

Under Zhao’s leadership, Honor has aggressively launched smartphones with a focus on international markets. Zhao focused on high-end devices, including foldable smartphones, as he looked for Honor to look beyond China and challenge the likes of Samsung and Apple.

Honor’s market share in China has risen from 9.8% in 2020 to over 15% in 2024, according to Counterpoint Research. Outside of China, Honor’s market share hit 2.3% in 2024, compared to under 1% in 2020.

The company has looked to keep pace with rivals by launching artificial intelligence features on its devices.

Neil Shah, partner at Counterpoint Research, said the company’s focus on high-end devices and technology is likely to continue under the new leadership.

“Honor’s focus on premiumization should continue if the brand wants to continue building its brand equity and differentiation point vs existing competitors, especially in premium markets such as Europe,” Shah told CNBC. 

“The focus on innovative foldable designs and advanced AI features and close partnerships with leading component suppliers would be key.”

Zhao’s successor Li will be tasked with trying to expand Honor’s presence overseas amid fierce competition, with a focus on making the brand more recognizable.

“Many don’t know Honor” outside of China, Counterpoint’s Shah said. “Building brand equity is tough and the company needs more time, money and differentiation points.”

Tough new EU cyber rules require banks to ramp up security — but many aren’t ready

Tough new European Union regulations requiring banks to bolster their cybersecurity systems officially come into effect Friday — but many of the bloc’s financial services firms aren’t yet in full compliance with the rules.

The EU’s Digital Operational Resilience Act, or DORA, requires both financial services firms and their technology suppliers to strengthen their IT systems to ensure the industry is resilient in the event of a cyberattack or any other forms of disruption. It entered into effect on Jan. 17.

The penalties for breaches of the new legislation can be substantial. Financial services firms that fall foul of the new rules can face fines of up to 2% of annual global revenue. Individual managers could also be held liable for breaches and face sanctions of as much as 1 million euros ($1 million).

So far, the rate of compliance among financial services firms with the new rules has been mixed, according to Harvey Jang, chief privacy officer and deputy general counsel at IT giant Cisco.

“I think we’ve seen a mixed bag,” Jang told CNBC in an interview. “Of course, the more mature-stage companies are further along looking at this for at least a year — if not longer.”

“We’re really trying to build this compliance program, but it’s so complex. I think that’s the challenge. We saw this too with GDPR and other broad legislation that is subject to interpretation — what does it actually mean to comply? It means different things to different people,” he said.

This lack of a common understanding of what qualifies as robust compliance with DORA has in turn led many institutions to ramp up security standards to the level that they’re actually surpassing the “baseline” of what’s expected of most firms, Jang added.

Are financial institutions ready?

Under DORA, financial firms will be required to undertake rigorous IT risk and incident management, classification and reporting, operational resilience testing, intelligence sharing on cyber threats and vulnerabilities, and measures to manage third-party risks.

Firms will also be required to conduct assessments of “concentration risk” related to the outsourcing of critical or important operational functions to external companies.

A Censuswide survey of 200 U.K. chief information security officers commissioned by Orange Cyberdefense, the cybersecurity division of French telecoms firm Orange, showed that 43% of financial institutions in Britain aren’t yet in full compliance with DORA.

That’s a concern because, even though the U.K. falls outside the European Union now, DORA applies to all financial entities operating within EU jurisdictions — even if they’re based outside the bloc.

“Whilst it is clear that DORA has no legal reach in the U.K., entities based here and operating or providing services to entities in the EU will be subject to the regulation,” Richard Lindsay, principal advisory consultant at Orange Cyberdefense, told CNBC.

He added that the main challenge for many financial institutions when it comes to achieving DORA compliance has been managing their critical third-party IT providers.

“Financial institutions operate within a multi-layered and hugely complex digital ecosystem,” Lindsay said. “Tracking and ensuring that all parts of this system evidentially comply with the relevant elements of DORA will require a new mindset, solutions and resources.”

Banks are also adding higher levels of scrutiny in their contract negotiations with tech suppliers due to DORA’s strict requirements, Jang said.

The Cisco chief privacy officer told CNBC that he thinks there is alignment when it comes to the principles and the spirit of the law. However, he added, “any legislation is a product of compromise and so, as they get more prescriptive, then it becomes challenging.”

“The principles we agree with, but any legislation is a product of compromise, and so as they get more prescriptive, then it becomes challenging.”

Still, despite the challenges, the broad expectation among experts is that it won’t be long until banks and other financial institutions achieve compliance.

“Banks in Europe already comply with significant regulations which cover the majority of the areas that fall under DORA,” Fabio Colombo, EMEA financial services security lead at Accenture, told CNBC.

“As a result, financial services institutions already have mature governance and compliance capabilities in place, with existing incident reporting processes and solid ICT risk frameworks.”

Risks for IT suppliers

Top EU official denies softer approach to Big Tech, cites ‘very clear legal basis’ for regulation

A leading EU official has denied taking a softer approach to Big Tech, citing a “very clear legal basis” for regulators and pointing to several ongoing investigations into the likes of social media platform X and Meta.

The FT reported earlier this week that the EU was reassessing investigations into Apple, Google and Meta — a process that could ultimately lead to the European Commission, the executive arm of the EU, scaling back or changing the focus of their probes.

However, speaking to CNBC on Thursday, Henna Virkkunen, the European Commission’s executive vice president for tech sovereignty, pushed back.

“We have our Digital Service Act that came into force a little bit more than one year ago, and there is several formal proceedings going on against, we can say, all the big platforms: Meta platforms, Instagram, Facebook, also on X and with TikTok,” Virkkunen said.

“We are continuing the work, so there is not any new decisions made. So we are doing the investigations [to see] if they are complying with our rules,” she said.

The Digital Services Act or DSA, which came into full effect in 2024, gives EU institutions the power to regulate Big Tech in a bid to prevent illegal and harmful activities online, and clamp down on disinformation.

Despite these new powers, however, there are growing questions about how the EU is actually going to enforce the rules, particularly in the aftermath of President-elect Donald Trump’s return to the White House.

“It remains to be seen what the EU will do, as some investigations have gone further than others, but it is also clear that U.S. tech companies will try to use the Trump administration to push back on EU rules,” Dexter Thillien, lead analyst at the Economist Intelligence Unit, told CNBC.

It comes as the tech industry attempts to cozy up to Trump ahead of his second term as president. Tesla’s Elon Musk, Amazon’s Jeff Bezos and Zuckerberg will attend Trump’s inauguration next week, according to NBC news.

Meta’s CEO Mark Zuckerberg last week, meanwhile, called on the incoming U.S. president to look at the EU’s approach to Big Tech, saying the way the bloc applies competition rules is “almost like a tariff.”

EU official Virkkunen is one of a new team of politicians that began their work as members of the EU’s executive arm in December. Until now, the bloc has been considered a leader of tech regulation and has opened the door to several probes into the behavior of Big Tech companies.

When asked if she was considering taking a softer approach to the sector, Virkkunen said: “We [have a] very clear legal basis and regulation rules in Europe, and of course, now we are fully enforcing those rules.”

Virkkunen did not say whether she was feeling pressure as a result of Trump’s return to the White House. Instead, she said, “all companies, whether American, European or Chinese, have to respect the EU’s regulations.”

Investigating X

In December 2023, Musk’s X was hit with the EU’s first probe under the Digital Services Act. The European Commission is assessing whether X breached transparency obligations and its duties to counter illegal content.

At the time, the institution said it was specifically assessing areas linked to risk management, content moderation, dark patterns, advertising transparency and data access for researchers.

As Musk continues to court the far-right ahead of an election in Germany — including hosting a live discussion with AfD party leader Alice Weidel — there are questions about whether the European Commission will assess this conversation as part of the investigation.

“This is not about Elon Musk. It’s about X,” Virkkunen said.

“X is [a] very large online platform, they have to take their responsibilities, and they have to assess and mitigate the risks, for example, what they are posting for the electoral processes and for civic discourse. But [the European] commission is already investigating X on this, and the scope of investigation is already quite large,” she said, adding that “we are all the time monitoring” in case of new developments.
