Yahoo’s European regulator said it is preparing to give the U.S. Internet company the results of an investigation into the 2014 theft of data from 500 million users, including any remedial action to avoid a repeat of the breach.
Yahoo said in September last year that hackers had stolen the data in 2014, prompting criticism from U.S. politicians into the delay in notifying customers.
Ireland’s Data Protection Commissioner, the lead European regulator on privacy issues for Yahoo because the company’s European headquarters are in Dublin, told Reuters she would issue the report “in the next couple of weeks.”
“We are preparing to serve the final report on Yahoo EMEA and require of them any remedial actions we have identified,” Helen Dixon said in an interview. It will be up to Yahoo whether to make the report public, she said.
For more about Yahoo, watch:
A new EU-wide data protection law coming into force in May 2018 allows fines of up to 4% of global turnover. Until then, however, the office of the Data Protection Commissioner said it has no administrative capability to fine a company.
Get Data Sheet, Fortune’s technology newsletter
A spokesman for Yahoo said it has been cooperating with the commissioner’s office on the investigation and will review the findings carefully when they are available.