Compliance topic hubs.
Every framework in one place. Hub pages aggregate articles, industry playbooks, competitor comparisons, and readiness tools for each compliance area.
NIS2 Directive
The Directive, the German NIS2UmsuCG, Art. 21 ten measures, affected entities, penalties, and how 29,000 German organizations can operationalize it. One page, all the content.
DORA — Digital Operational Resilience Act
The 5 pillars, BaFin supervision, ICT risk management, TLPT under TIBER-EU, third-party management, incident reporting with 24h/72h/1-month timelines. One page, all the content.
SOC 2
Trust Services Criteria, Type 1 vs Type 2, audit preparation, cost, a European path that doesn't require US tooling. Articles, alternatives to Vanta/Drata, readiness assessment.
ISO 27001:2022
The 93 Annex A controls, the certification path, Statement of Applicability, audit preparation, realistic costs — plus industry-specific implementations for SaaS, manufacturing, healthcare, pharma.
EU AI Act
Risk classification (unacceptable / high / limited / minimal), Art. 4 AI literacy (KI-Kompetenz), Art. 26 deployer obligations, GPAI, Fundamental Rights Impact Assessment. Enforcement from August 2026 — start now.
GDPR / DSGVO
Records of processing (Art. 30), lawful bases, DPAs, 72-hour breach notification, subject rights, DPIAs, international transfers, Schrems II. Mature enforcement — fines exceed EUR 10M routinely in 2025-2026.
Penetration Testing
Provider selection, cost, types (webapp, API, cloud, Active Directory, red team), Pentest-as-a-Service, TLPT under DORA. Plus a free 30-minute external check as an entry point.