EU Regulations

Incident reporting, supply chain security, and operational readiness.

NIS2 Compliance: How to Achieve and Maintain Compliance in 2026

A practical guide to NIS2 compliance — step-by-step requirements, gap analysis, implementation roadmap, and tools you need. Learn how to achieve and maintain NIS2 compliance for your organisation.

2026-03-24 · By Emre Salmanoglu

NIS2 Article 21 and 23: Incident Reporting and Supply Chain Security Need More Than an ISMS

NIS2 Articles 21 and 23 require operational incident reporting (24h and 72h) and supply chain risk management. An ISMS helps with governance, but not with day-to-day execution.

2026-01-06 · By Anna Bley

GDPR Compliance: Complete Guide for 2026 (Articles 28, 32, 33, 34)

GDPR compliance guide for 2026: checklist, Articles 28/32/33/34 requirements, latest fines (€7.1B total), and how to demonstrate compliance as a data controller and processor.

2026-03-18 · By Anna Bley

What Is NIS2? The Complete Guide to the EU NIS2 Directive (2026)

What is NIS2? The EU NIS2 Directive (2022/2555) requires organisations in 18 critical sectors to implement cybersecurity measures, report incidents, and manage supply chain security. Complete guide covering requirements, penalties, timeline, and how to comply.

2026-03-07 · By Emre Salmanoglu

DORA Compliance: Complete Guide to the Digital Operational Resilience Act (2026)

Everything financial entities need to know about DORA compliance in 2026 — ICT risk management, incident reporting, TLPT, third-party risk, enforcement updates, and how to meet the Register of Information deadline.

2026-03-24 · By Emre Salmanoglu

Vendor Assurance Under NIS2: What Article 21 Requires for Supply Chain Security

NIS2 Article 21(2)(d) requires continuous supply chain security. Point-in-time vendor assessments are no longer sufficient. Learn what the directive expects and how to meet it operationally.

2026-03-09 · By Anna Bley

Subprocessor Management Under GDPR Article 28: What Controllers Actually Expect

What do controllers, DPOs, and procurement teams actually expect from your subprocessor management? A practical guide beyond GDPR Article 28 minimum compliance — covering sub-processor lists, change notifications, data flow transparency, and ongoing due diligence.

2026-02-23 · By Anna Bley

Cyber Resilience Act (CRA): Complete Compliance Guide for 2026

Everything you need to know about the EU Cyber Resilience Act — mandatory cybersecurity requirements for products with digital elements, CE marking, SBOM obligations, September 2026 deadline, and compliance roadmap.

2026-03-26 · By Orbiq Team

DORA Article 19, 28 and 30: Why an ISMS Is No Longer Enough for Financial Entities

DORA requires operational client communication during incidents, an up-to-date ICT provider register, and continuous monitoring. An ISMS alone cannot deliver this.

2026-01-27 · By Anna Bley

EU AI Act Compliance: Complete Guide for 2026 (Regulation EU 2024/1689)

Everything companies need to know about EU AI Act compliance — prohibited AI, high-risk Annex III requirements, GPAI obligations, August 2026 deadline, penalties up to €35M, and a step-by-step checklist.

2026-03-26 · By Orbiq Team

Cyber Resilience Act Articles 13 and 14: Why an ISMS Is Not Enough

The CRA requires Security by Design, vulnerability reporting within 24 hours, SBOMs, and CE marking. An ISMS supports governance, but not product-level compliance.

2026-01-28 · By Anna Bley

NIS2 Requirements: Complete Guide to What You Must Do (2026)

All NIS2 requirements in one place — the 10 Article 21 risk management measures, incident reporting timelines, management liability, registration obligations, and 2026 enforcement updates.

2026-03-16 · By Orbiq Team

NIS2 Supply Chain Security: Requirements, Gaps, and How to Comply (2026)

NIS2 supply chain security requirements under Article 21(2)(d) demand continuous vendor oversight — not annual questionnaires. Learn what's required, where your ISMS falls short, and how to build the operational layer you need.

2026-02-22 · By Anna Bley

NIS2 Incident Reporting: The 24-Hour Deadline and How to Meet It (2026)

NIS2 incident reporting requires a 24-hour early warning, 72-hour notification, and one-month final report. Learn what qualifies as a significant incident, what each report must contain, and how to build the operational capability to report under pressure.

2026-02-22 · By Anna Bley

You're NIS2-Affected — Now What? The Operational Gaps Beyond Your ISMS

You've checked whether your organization falls under NIS2. The answer is yes. You have an ISMS. And now you're discovering: between what your ISMS covers and what NIS2 operationally requires, there's a gap. This article shows where it lies – and how to close it.

2026-02-22 · By Anna Bley

NIS2 Compliance Checklist: Complete Article 21 Requirements (2026)

The complete NIS2 compliance checklist covering all ten Article 21 risk management measures. Assess your readiness, identify gaps between your ISMS and NIS2 requirements, and prioritise your compliance roadmap.

2026-02-22 · By Anna Bley

Incident Response Plan vs. Incident Management System: What NIS2 Actually Requires

Every ISMS has an incident response plan. NIS2 requires an incident management system. The difference isn't semantic – it's operational. What an IMS must concretely deliver, which components it needs, and how to make the transition from plan to system.

2026-02-22 · By Anna Bley

NIS2 Audit Readiness: From Documentation to Continuous Evidence

NIS2 gives supervisory authorities the right to request evidence at any time. Not at your next audit. Not with advance notice. Any time. What this means for your evidence management – and why most organizations aren't prepared for it.

2026-02-22 · By Anna Bley

ISO 27001 Is Not NIS2 Compliance: What's Actually Missing

ISO 27001 provides the governance foundation for NIS2 – but not the operational execution. What's missing between ISMS documentation and actual NIS2 compliance, and why that's been a concrete problem since December 6, 2025.

2026-02-22 · By Anna Bley

NIS2 Third-Party Risk Documentation: What Auditors Actually Want to See

The specific evidence and documentation artifacts auditors check during NIS2 supply chain security assessments. Supplier registers, risk classifications, incident communication records, and how a trust center produces audit-ready third-party risk documentation as a natural byproduct.

2026-02-23 · By Anna Bley

The NIS2 Directive: Complete Guide to Directive (EU) 2022/2555

The NIS2 Directive (EU 2022/2555) is the EU's primary cybersecurity legislation. This guide covers the directive's structure, key articles, national transposition status, competent authorities, and how it differs from other EU cybersecurity laws.

2026-03-16 · By Orbiq Team

DORA vs NIS2: Key Differences, Overlaps, and What They Mean for Your Business

DORA and NIS2 are the EU's two most impactful cybersecurity laws. This guide compares scope, legal form, incident reporting timelines, penalties, and how lex specialis resolves overlap.

2026-03-20 · By Orbiq Team

EU Compliance Software: Complete Buyer's Guide (2026)

How to choose EU compliance software in 2026. Covers NIS2, DORA, GDPR, and CRA requirements, key features to evaluate, EU data residency risks, and how Orbiq compares.

2026-03-24 · By Orbiq Team

TISAX Compliance: Complete Guide for Automotive Suppliers (2026)

Complete guide to TISAX compliance in 2026 — assessment levels AL1/AL2/AL3, VDA ISA 6.0, ENX portal, costs, timeline, ISO 27001 overlap, and step-by-step process for automotive suppliers.

2026-03-25 · By Orbiq Team

BSI IT-Grundschutz: Complete Guide 2026 (Grundschutz++, Certification, Requirements)

BSI IT-Grundschutz explained: 111 building blocks, BSI Standards 200-1 to 200-4, Grundschutz++ reform from January 2026, certification process, NIS2 link, and costs for German authorities and companies.

2026-03-30 · By Orbiq Team

Pay Equity Software: Complete Buyer's Guide for EU Pay Transparency Compliance (2026)

Compare the best pay equity software for EU Pay Transparency Directive compliance in 2026 — features, pricing, and how to meet the 7 June 2026 deadline.

2026-04-07 · By Orbiq Team

Compliance Software Comparison for Germany: Buyer's Guide 2026

Comparing the best compliance software for German companies in 2026. Covers ISMS, GRC, NIS2, DSGVO/GDPR, BSI IT-Grundschutz, and EU data residency requirements.

2026-03-30 · By Orbiq Team

EU Pay Transparency Directive: Complete Guide (2026)

The EU Pay Transparency Directive must be transposed by 7 June 2026. What it requires, who it affects, key deadlines, and how it compares to UK and Norwegian equivalents.

2026-03-30 · By Orbiq Team

NIS2: Internal Proof vs External Proof

Most organizations focus on internal controls. NIS2 raises the bar by expecting evidence for both your own security posture and the ecosystem you operate in.

2025-11-14 · By Emre Salmanoglu