Compliance Insights

Practical guides for European compliance teams.

DORA, ISO 27001, SOC 2, NIS2, and GDPR — written by compliance practitioners, not marketers.

European compliance is getting harder. DORA is already in force. NIS2 transposition deadlines have passed. The EU AI Act hits in August 2026. And teams are still managing frameworks in spreadsheets.

This blog covers what compliance teams actually need: practical implementation guides for DORA, NIS2, GDPR, ISO 27001, SOC 2, and the EU AI Act. Gap assessment walkthroughs, audit preparation checklists, framework comparisons, and regulatory updates - written by practitioners building compliance automation at Matproof.

Whether you are a CISO preparing for your first DORA audit, a DPO automating GDPR evidence collection, or a startup founder choosing between ISO 27001 and SOC 2 - start here.

Get weekly compliance updates

Stay ahead of DORA, NIS2, GDPR, and AI Act changes. No spam, unsubscribe anytime.

eu-ai-act2026-03-26

EU AI Act Readiness Report 2026: Why 64% of Companies Aren't Ready

EU AI Act readinessAI Act compliance 2026AI Act readiness report

Practical guides for European compliance teams.

Get weekly compliance updates

EU AI Act Readiness Report 2026: Why 64% of Companies Aren't Ready

Best DataGuard Alternative for Compliance Automation (2026)

Best Delve Alternative After the Compliance Scandal (2026)

Best Drata Alternative for EU Compliance (2026)

Best Secureframe Alternative for European Businesses (2026)

Best Sprinto Alternative for EU Compliance (2026)

Best Vanta Alternative for European Companies (2026)

EU AI Act Compliance: The Complete Guide for 2026

EU AI Act Fines and Penalties: What Non-Compliance Will Cost You

EU AI Act Compliance for FinTech: What You Need to Know

High-Risk AI Systems Under the EU AI Act: The Complete List

EU AI Act vs GDPR: Key Differences and How They Work Together

DORA Compliance Statistics 2026: 60+ Facts on Scope, Readiness, and Enforcement

GDPR Fines and Enforcement Statistics 2026: The Definitive Data on EU Data Protection

NIS2 Compliance Statistics 2026: 50+ Facts on Scope, Fines, and Readiness

10 Steps to DORA Compliance for Financial Institutions

12 DORA Incident Reporting Best Practices

5 GDPR Mistakes Companies Still Make in 2026

6 Key Differences Between SOC 2 Type I and Type II

7 Most Common ISO 27001 Audit Findings and How to Fix Them

8 Essential Controls for DORA ICT Risk Management

9 NIS2 Compliance Quick Wins for 2026

How AI Is Transforming Regulatory Compliance in Finance

Building a Compliance Culture: Beyond Checkbox Exercises

Why Compliance Automation Is Not Optional in 2026

CSRD Implementation in France: AMF Requirements

CSRD Reporting in Germany: BaFin and DRSC Requirements

CSRD Reporting for Manufacturing Companies

DORA Article 10 Explained: Detection of Anomalous Activities

DORA Article 11 Explained: Response and Recovery

DORA Article 12 Explained: Backup Policies and Recovery Methods

DORA Article 13 Explained: Learning and Evolving

DORA Article 14 Explained: Communication Policies

DORA Article 15 Explained: Further Harmonisation of ICT Risk Management Tools

DORA Article 16 Explained: Simplified ICT Risk Management Framework

DORA Article 17 Explained: ICT-Related Incident Management Process

DORA Article 18 Explained: Classification of ICT-Related Incidents

DORA Article 19 Explained: Reporting of Major ICT-Related Incidents

DORA Article 20 Explained: Harmonisation of Reporting Content

DORA Article 21 Explained: Centralised Reporting

DORA Article 22 Explained: Supervisory Feedback

DORA Article 23 Explained: Operational or Security Payment-Related Incidents

DORA Article 24 Explained: General Requirements for Digital Operational Resilience Testing

DORA Article 25 Explained: Testing of ICT Tools and Systems

DORA Article 26 Explained: Advanced Testing of ICT Tools, Systems and Processes (TLPT)

DORA Article 27 Explained: Requirements for Testers for TLPT

DORA Article 28 Explained: General Principles for ICT Third-Party Risk Management

DORA Article 29 Explained: Preliminary Assessment of ICT Concentration Risk

DORA Article 30 Explained: Key Contractual Provisions

DORA Article 31 Explained: Designation of Critical ICT Third-Party Service Providers

DORA Article 32 Explained: Structure of the Oversight Framework

DORA Article 33 Explained: Tasks of the Lead Overseer

DORA Article 34 Explained: Powers of the Lead Overseer

DORA Article 35 Explained: Conducting Oversight Activities

DORA Article 36 Explained: Harmonisation of Conditions Enabling the Conduct of Oversight

DORA Article 37 Explained: Cooperation Between Authorities

DORA Article 38 Explained: Fees for Critical ICT Third-Party Providers

DORA Article 39 Explained: International Cooperation

DORA Article 40 Explained: Information Sharing Arrangements

DORA Article 45 Explained: Information Sharing Arrangements - Detailed Provisions

DORA Article 5 Explained: ICT Risk Management Governance

DORA Article 6 Explained: ICT Risk Management Framework

DORA Article 7 Explained: ICT Systems, Protocols and Tools

DORA Article 8 Explained: Identification of ICT Risks

DORA Article 9 Explained: Protection and Prevention

DORA Compliance for Asset Management Firms

The Complete DORA Compliance Cost Breakdown

DORA Compliance for Crypto-Asset Service Providers

DORA Compliance in France: ACPR Requirements Guide

DORA Compliance in Germany: BaFin Requirements and Implementation Guide

DORA Compliance in Italy: CONSOB and Banca d'Italia Guide

The DORA Compliance Maturity Model: Where Does Your Organization Stand?

DORA Compliance in the Netherlands: DNB and AFM Guide

DORA Compliance for Payment Service Providers

DORA Compliance in Spain: CNMV and Banco de Espana Guide

DORA TLPT Requirements: Everything You Need to Know

DORA vs Basel III: Operational Resilience Requirements Compared

DORA vs NIS2: Key Differences and Overlaps Explained