New Features by Month - Enterprise DLP - February 2026

Customizable Proximity Keyword Distance enables you to control the maximum character distance between sensitive data and proximity keywords required to trigger an Enterprise Data Loss Prevention (E-DLP) detection to up to 1,000 characters. By default, Enterprise DLP requires sensitive data to be within 200 characters of the proximity keyword which might be too restrictive for detecting valid matches or too permissive in other scenarios, potentially causing false positives.

When creating or editing a regular expression (regex) data pattern, you can specify exactly how close proximity keywords must be sensitive data to constitute an Enterprise DLP detection. For large files or traffic containing sensitive data where related proximity keywords might be separated by longer text blocks, you can increase the proximity distance to ensure proper detection. Conversely, for files or traffic where you need tighter control to reduce false positives, you can specify a smaller proximity distance to ensure only closely associated keywords trigger a match. Enterprise DLP always adheres to the proximity distance configured in the matched data pattern when a detection occurs. To support your compliance requirements, Enterprise DLP generates an audit log when a data security administrator edits an existing data pattern to modify the keyword proximity distance for a data pattern.

The ability to customize the proximity keyword distance provides you with greater flexibility and precision when deploying multiple data patterns. This helps your organization achieve the right balance between comprehensive data protection and operational efficiency.

To ensure efficient, scalable, and accurate data dictionary maintenance, Enterprise Data Loss Prevention (E-DLP) now includes comprehensive management capabilities for data dictionaries. Enterprise DLP now provides data security administrators the ability to view, edit, sort, and delete keywords across both custom data dictionaries directly within Enterprise DLP to reduce the management overheard. Additionally, you can download any data dictionary for rapid offline editing and keyword manipulation before quickly re-uploading the modified file. Furthermore, You can view all the keywords directly within Enterprise DLP and efficiently search keywords within all custom predefined data dictionaries. The ability to view, edit, sort, and delete keywords associated with a data dictionary provides efficient data dictionary management capabilities to help ensure effective Security policy rule tuning and rapid compliance updates.

Organizations face a critical challenge when security policy rules block legitimate business activities: manual exemption requests create delays and administrative burden for both users and IT teams. The End User Coaching Exemption Requests feature streamlines how your organization handles security policy exceptions. When users encounter policy blocks while performing legitimate business activities, they can request exemptions directly within Autonomous Digital Experience Management (ADEM) rather than submitting tickets to IT.

You can configure multiple end user notification templates to grant exemption requests based on different DLP rule. For example, you can configure a notification template to automatically grant exception approvals for routine or low risk incidents, manager review for context-dependent cases, or security administrator approval for sensitive and high risk incidents. Additionally, you can provide the opportunity for end users to provide justification for why an exemption should be granted in the first place.

By implementing End User Coaching Exemption Requests, you reduce administrative overhead, accelerate legitimate business processes, and maintain security control—enabling your organization to balance essential security protections with business productivity needs in a streamlined, auditable manner.

Configuration errors during Enterprise Data Loss Prevention (E-DLP) policy updates pose risks, potentially leading to unintended security gaps or costly service disruptions. Enterprise DLP Configuration Export and Import addresses this challenge by providing a fast, reliable method for data pattern, data profile, and data dictionary configuration management. Enterprise DLP Configuration Export and Import enables your data security administrators to implement more rigorous change management processes for your data security policy.

For example, your data security administrators can use Enterprise DLP Configuration Export and Import to quickly validate data pattern, data dictionary, data profile changes in a non-production environment before deployment, ensuring consistency across your enforcement points. Conversely, they can export known good Enterprise DLP data pattern, data profile, and data dictionary configurations so they can import them back in the event of misconfiguration.

Enterprise DLP Configuration Export and Import is exclusively designed to manage the creation and updating of specific configuration elements, such as data patterns, data profiles, and data dictionaries within Enterprise DLP . When you import a configuration Enterprise DLP, only creates or updates data patterns, data dictionaries, or data profiles but does not delete.

Enterprise DLP generates an audit log capturing the details about the configuration export and import including the administrator that performed the operation, date the operation was performed, and time the operation was performed. These verifiable audit trails significantly strengthen your overall security posture, simplifying complex troubleshooting processes, and meeting stringent regulatory and internal governance compliance requirements.

Storing sensitive data unencrypted in configuration files creates significant vulnerabilities for your organization. If attackers compromise these files, they can access exposed passwords and tokens to gain unauthorized entry to your customer tenant. The Exact Data Matching (EDM) CLI app 6.0 addresses this risk by enforcing stricter protection for sensitive information. You can now use EDM CLI app to encrypt the Client ID and Client Secret for your service account to ensure these critical credentials remain secure even if the underlying file system is accessed.

Furthermore, maintaining compliance with regional data protection regulations is essential for organizations operating in global markets. Enterprise Data Loss Prevention (E-DLP) extends EDM coverage to support the detection of the Brazilian Cadastro de Pessoas Físicas (CPF) data format. This capability enables you to accurately identify and protect personally identifiable information belonging to Brazilian citizens. By detecting this specific data pattern, your security administrators can enforce granular policies that prevent data leakage and ensure your organization meets strict local privacy requirements.

Limited visibility into specialized file formats creates security blind spots where sensitive data can hide undetected. If your data loss prevention solution cannot parse these complex file types, you risk non-compliance and data leakage across your operational channels.

Expanded File Metadata and Content Inspection for supported file types addresses this gap by broadening support for deep metadata and content inspection for forwarded files. This capabilities enables Enterprise Data Loss Prevention (E-DLP) to performs full content analysis to identify sensitive patterns and extracts descriptive metadata, such as author and creation date. Additionally, an exclude-mode mechanism overcomes previous limitations by forwarding all file types from PAN-OS ® environments to Enterprise DLP . This ensures comprehensive inspection and consistent security posture, regardless of the originating enforcement point.

Enterprise Data Loss Prevention (E-DLP) now supports expanded Optical Character Recognition (OCR) image support:

Japanese Support for Optical Character Recognition — February 12, 2026

Enterprise DLP can now detect Japanese characters in images using OCR detection.