NIS2 requires executive officers to assume direct responsibility for cybersecurity governance and incident reporting, with violations potentially resulting in personal liability.
The code of conduct gives signatories direct evidence of compliance for EU authorities, eliminating separate individual audits in each member state.
NIS2 and KRITIS impose varying levels of cybersecurity obligations on healthcare facilities, depending on their size and on whether they are classified as critical infrastructure.
The EU AI Act mandates binding compliance measures effective immediately and requires organizations to systematically classify and document their AI systems according to risk levels.
The EU Pay Transparency Directive creates information rights for employees and reporting obligations for employers that must be regulated by data protection rules—without specifying minimum group sizes for comparison groups.