Trends, News, Guides, and Our Expertise

Insights and expert knowledge on Digital Transformation, Risk Management, Information Security, and Regulatory Compliance

EU AI Act Enforcement: How Brussels Will Audit and Penalize AI Providers — and What This Means for Your Company

On March 12, 2026, the EU Commission published a draft implementing regulation that describes for the first time in concrete detail how GPAI model providers will be audited and penalized. What this means for companies using ChatGPT, Gemini, or other AI models.

Boris Friedrich

March 17, 2026

7 min read

NIS2 and DORA Are Now in Force: What SOC Teams Must Change Immediately

NIS2 and DORA apply without a grace period. Three SOC areas must change immediately: architecture, workflows, and metrics. Includes a 5-point checklist for SOC teams.

Boris Friedrich

March 17, 2026

10 min read

Control Shadow AI Instead of Banning It: How an AI Governance Framework Really Protects

Shadow AI is the biggest blind spot in IT governance in 2026. This article explains why bans don't work, which three risks are really dangerous, and how an AI Governance Framework actually protects you — without disempowering your employees.

Boris Friedrich

March 17, 2026

8 min read

EU AI Act in the Financial Sector: Anchoring AI in the Existing ICS – Instead of Building a Parallel World

The EU AI Act is less of a radical break for banks than an AI-specific extension of the existing internal control system (ICS). Instead of building new parallel structures, the focus is on cleanly integrating high-risk AI applications into governance, risk management, controls, and documentation.

Boris Friedrich

March 17, 2026

5 min read

CRA Draft Guidance: What the EU Consultation Until March 31 Means for Manufacturers

The EU Commission published the CRA Draft Guidance on March 3, 2026 — with a consultation deadline of March 31. What's in it, who should comment, and what changes for manufacturers?

Boris Friedrich

March 17, 2026

8 min read

NIS2 Enforcement 2026: What Happens Now – and What Companies Must Do Immediately

The BSI is transitioning from the registration phase to active enforcement. 18,500 companies have missed the deadline and risk fines up to €10 million. This article explains what happens now and which immediate measures are mandatory.

Boris Friedrich

March 17, 2026

9 min read

CRA vs. NIS2 vs. DORA: Which regulation applies to whom?

CRA, NIS2 and DORA — three EU regulations that will take effect simultaneously in 2026. This article explains which regulation applies to whom, where the requirements overlap, and how companies can build an integrated compliance strategy.

Boris Friedrich

March 16, 2026

The AI-supported vCISO: How companies close governance gaps in a structured manner

NIS-2 obliges companies to provide verifiable information security. The AI-supported vCISO offers a structured path: A 10-module framework covers all relevant governance areas - from asset management to awareness.

Boris Friedrich

March 13, 2026

6 min read

DORA Information Register 2026: BaFin reporting deadline is running - What financial companies have to do now

The BaFin reporting period for the DORA information register runs from March 9 to March 30, 2026. 600+ ICT incidents in 12 months show that the supervisory authority is serious. What to do now.

Boris Friedrich

March 10, 2026

12 min read

Your AI provider becomes a supply chain risk overnight - Why AI governance is now a top priority

The Pentagon classifies Anthropic as a security risk — on par with Huawei. Why AI governance is now a top priority and how a 5-pillar framework protects your company.

Boris Friedrich

March 9, 2026

10 min read

Overnight Supply Chain Risk: What the Anthropic Ban Means for Your Business

The US government banned Anthropic overnight. Why AI vendor lock-in is a strategic risk — and why vendor-independent multi-agent platforms are the only protection.

Boris Friedrich

February 28, 2026

10 min read
