EU Regulations
Overview of EU regulations relevant to organisations operating in the European Union. Each regulation has its own section with practical guides, checklists, and implementation roadmaps.
Regulations
AI Act (EU 2024/1689)
The world’s first comprehensive regulation of artificial intelligence. Classifies AI systems by risk level and establishes corresponding obligations.
- Overview --- What is the AI Act, risk categories, key obligations
- AI Inventory --- Guide for conducting an inventory of all AI systems
- Risk Classification --- Detailed classification of AI systems by risk level
- Compliance Checklist --- Complete checklist for AI Act compliance
Key deadline: August 2, 2026 --- full applicability for high-risk AI systems
NIS2 (EU 2022/2555)
EU directive on network and information security. Establishes cybersecurity requirements for critical infrastructure and essential services.
- Overview --- What is NIS2, who falls under it, key obligations
- Scope Determination --- Decision tree for determining your NIS2 category
- ISMS Requirements --- Information Security Management System requirements
- Compliance Checklist --- Complete checklist for NIS2 compliance
Key deadline: November 11, 2026 --- full implementation
GDPR (EU 2016/679)
EU regulation on the protection of personal data. Applies to all organisations processing personal data of EU residents.
- Overview --- What is GDPR, legal bases, data subject rights
- Data Processing --- Guide for proper processing of personal data
- Subject Rights (DSAR) --- Data subject rights and DSAR handling
- Compliance Checklist --- Complete checklist for GDPR compliance
Status: In force since May 25, 2018
Data Act (EU 2023/2854)
EU regulation on data sharing and cloud switching. Introduces new rights for IoT data access and eliminates vendor lock-in.
- Overview --- What is the Data Act, key provisions
- IoT Data Access --- Rights and obligations for IoT data
- Cloud Switching --- Cloud service switching rights and obligations
- Compliance Checklist --- Complete checklist for Data Act compliance
Key deadline: September 12, 2025 --- main provisions in effect
DORA (EU 2022/2554)
Digital Operational Resilience Act for the financial sector. Establishes ICT risk management, incident reporting, and resilience testing requirements.
- Overview --- What is DORA, five pillars, relationship to NIS2
- Compliance Checklist --- Complete checklist for DORA compliance
Status: Fully applicable since January 17, 2025
Cross-regulation overview
These regulations overlap and complement each other. For example:
- AI Act + GDPR --- AI systems processing personal data must comply with both
- NIS2 + DORA --- DORA is a lex specialis for the financial sector, replacing NIS2 requirements
- Data Act + GDPR --- Data portability rights extend beyond personal data
- NIS2 + Data Act --- Cloud switching supports supply chain resilience