Orphaned accounts in decentralized cloud services constitute a direct breach of NIS2 requirements and trigger personal liability for company executives.
An IBM whistleblower testifies to years of cover-up of cyberattacks on US federal infrastructure by IBM and AT&T to secure government contracts, including APT-10 attacks with compromised systems in 20 countries.
NIS2 makes board members personally liable for cybersecurity and requires annual management documentation – CISOs must establish formal compliance evidence.
With the EU AI Act, HR AI systems become a compliance task: companies must establish governance structures and document AI deployments, while investments in HR AI in Germany are growing rapidly.
Approximately 1,300 CRITIS operators must register by July 17 under the CRITIS Umbrella Act and will thereby be subject to stricter cybersecurity and reporting obligations.
Mid-sized enterprises must manage NIS2 requirements, DADG obligations, and EU AI Act compliance in parallel, which consolidates resources and expertise.