Executives: the EU AI Act is already in force — is your organization prepared?

European regulations for cybersecurity, privacy, data, and AI are emerging at a rapid pace. NIS2, DORA, CER, CRA… For many executives, it is becoming increasingly difficult to maintain oversight and determine the right priorities.

At IRM360, we regularly receive questions from executives and managers:

• Do we already need to comply with NIS2 or DORA?

• What does the AI Act mean for our systems and processes?

• Do our products fall under the CRA?

A rapidly growing and complex regulatory landscape

Organizations are increasingly becoming entangled in the expanding body of laws and regulations around cybersecurity, privacy, artificial intelligence, and digital governance.
Over the past few years, the EU has introduced a substantial regulatory framework that directly impacts operations, risk management, and compliance.

Key frameworks include: NIS2/CBW, CER, DORA, DSA & DMA, DGA, CRA, eIDAS 2.0 and the EU AI Act.

The EU AI Act is now in force, but many organizations still lack sufficient insight into the obligations that are coming. The Act will be phased in over the next two years, which requires clarity right now:

• Which AI systems are you using?

• What risks are associated with them?

• Which existing processes will soon fall under stricter requirements?

• And just as important: are your employees adequately trained to work with these new frameworks?

The difference between a Regulation (AI Act, DORA, DMA, DSA – directly applicable) and a Directive (NIS2 – requires national transposition) also determines how quickly your organization must demonstrate compliance.

The potential sanctions are significant: large fines, operational restrictions, and reputational damage.

How IRM360 helps

With our CyberManager software, we translate all these frameworks into concrete policies, controls, and continuous monitoring — efficient and future-proof.

Our integrated platform for risk awareness has been expanded with new e-learning modules, including AI awareness and — in the context of NIS2 — training for Management & the Board.
In addition, we are introducing the AIMS (AI Management System): a completely new management system to help organizations comply with AI legislation.

💬 Want to discuss your situation? Feel free to send a message.

#compliance #NIS2 #AIAct #DORA #CRA #cybersecurity #privacy #digitalresilience #IRM360 #riskmanagement