The EU AI Act mandates binding compliance measures effective immediately and requires organizations to systematically classify and document their AI systems according to risk levels.
The EU Pay Transparency Directive creates information rights for employees and reporting obligations for employers that must be regulated by data protection rules—without specifying minimum group sizes for comparison groups.
A unified EU reporting form for data breaches is intended to eliminate national differences and require greater transparency on causes and protective measures.
NIS2 requires companies to establish structured governance, implement technical security measures, and maintain demonstrable incident-response processes, for which CISOs must assume full responsibility at board level.
NIS2 requires organisations to ensure that security awareness functions in real work situations and does not remain merely theoretical knowledge — a focus on behavioural change rather than compliance documentation.
Official NIS2 compliance audits begin on June 30, 2024, and will verify the actual implementation of cybersecurity measures at critical infrastructures and important digital services.