Insights
Analyses of NIS2, DORA, EU AI Act and structured IT decisions
Practical articles for CISOs, CIOs, CROs, legal teams and management bodies. Compact status assessments, obligation checklists and methodology notes that feed directly into audit preparation and board materials.
NIS2 thresholds 2026: am I an essential or important entity?
Check whether your organisation falls under NIS2: sector, size thresholds (headcount, revenue, balance sheet) and special cases. Practical decision tree with citations.
DORA 24-hour initial notification: what really has to be in it
What the DORA 24-hour initial notification to the competent authority should look like, which fields are mandatory and how to build the SOC escalation trail that produces it in time.
AI Act high-risk from August 2026: conformity assessment step by step
What providers and deployers of high-risk AI systems must demonstrate from August 2026: conformity assessment, technical documentation, fundamental rights impact assessment (FRIA), EU database registration.
NIS2 management body liability 2026: what boards must personally do
NIS2 Art. 20 makes management bodies personally accountable. Which duties, what training and resolution requirements, and what it means for D&O insurance.
EDR vs XDR vs MDR: when which fits (matrix 2026)
EDR, XDR or MDR? Decision matrix by SOC maturity, compliance load (NIS2, DORA), budget and staff. With market overview and typical wrong calls.
ISO 27001 vs NIS2 Mapping 2026: Where Controls Align and Where Gaps Remain
How ISO 27001 Annex A controls map to NIS2 Art. 21, where duties align and where NIS2 adds. With gap-analysis template.
NIS2 obligations for hospitals and healthcare providers 2026
What hospital IT leads must do in 2026: NIS2 Annex I health, link to KHZG and B3S, BSI registration, notification cascade, MFA, immutable backups.
NIS2 obligations for energy providers 2026
NIS2 for electricity, gas and heat network operators, energy utilities and generators: Annex I, link to EnWG § 11 para. 1a/1b, BNetzA IT security catalogue, 2026 duties.
NIS2 obligations for water utilities 2026
Drinking water and wastewater operators under NIS2 Annex I: who is in scope at which size, what small municipal utilities must concretely do in 2026.
NIS2 obligations for pharma and life sciences companies 2026
Pharma, API producers and medical devices under NIS2 Annex II: 2026 obligations, conflicts with GMP, GxP validation and audit trail requirements.
NIS2 German transposition in 2026: what to do while the law is delayed
The German NIS2 transposition act (NIS2UmsuCG) is still not in force in mid-2026. What it means legally for in-scope companies and which five steps cannot wait, no matter when the law actually takes effect.
DORA Art. 30 mandatory contract clauses: checklist for ICT contracts
Which mandatory clauses must ICT contracts of EU financial entities contain under DORA Art. 30? A practical checklist for normal and for critical or important functions, plus guidance on renegotiating standard cloud contracts.
EU AI Act in practice: classify AI systems in five steps
Classifying AI systems is the first obligation under the EU AI Act. A pragmatic five-step workflow that lets organisations cleanly categorise each of their AI systems before August 2026.
Immutable backup: why it is non-negotiable under NIS2 in 2026
Backup concepts without immutability are no longer NIS2-defensible in 2026. What immutability means technically, which architectures work, and which mistakes trigger audit findings.
