Common compliance frameworks
It is highly recommended that you speak to expert advisors before tackling ISO 27001 and NIS 2. You can also get very far with compliance automation tools such as Formalize, Scytale, or similar.
**ISO 27001 - Gold standard for Information Security Management**
- Identify risks, write down your security policies, and train your team.
- Get audited by a certified body to become officially compliant.
**GDPR - EU’s data protection law**
- Collect only the data you need, keep it secure, and be transparent about its use.
- Add a privacy policy to your website, a cookie banner, and automation for deleting data.
**NIS 2 - EU’s Cybersecurity Regulation**
- Appoint a security lead, review your cyber risks, and update your policies.
- Set up processes to report major incidents within 24–72 hours.
**EU AI Act - EU’s Artificial Intelligence Regulation**
- Check whether you are using high-risk AI (e.g., hiring, credit scoring, medical) → if yes, follow the strict rules for high-risk systems. If not, you still need to follow the transparency steps for general AI.
- Implement required processes: do risk assessments, set up human oversight, document performance/testing, and maintain logs.
- For high-risk systems: get them certified by EU bodies before use.
- For general-purpose AI: publish clear transparency info (like model details and data used).