EU compliance, GRC, and assurance, explained by the team that maintains them
Long-form and reference resources on the regulations and frameworks European SMEs operate under. Each topic is a hub: a canonical definition plus the practical guides, comparisons, and articles that sit underneath it.
EU AI Act
The EU AI Act is the European Union’s horizontal regulation on artificial intelligence. It classifies AI systems by risk tier and imposes obligations on providers, deployers, importers, and distributors that touch the EU market.
GDPR
The General Data Protection Regulation is the European Union’s data protection law. It governs how personal data of individuals in the EU is collected, processed, transferred, and stored, with extraterritorial reach to any organisation that processes that data.
ISAE 3402
ISAE 3402 is the international assurance standard for reporting on controls at a service organisation. It is the SOC 1 equivalent used outside the United States, most commonly required when a service organisation processes data that affects the financial reporting of its customers.
NIS 2
NIS 2 is the European Union’s second-generation cybersecurity directive. It expanded the original NIS Directive to a much wider set of sectors and entities, and was transposed into national law by member states by 17 October 2024.
ISO 27001
ISO/IEC 27001 is the international standard for an information security management system (ISMS). It is the certification European enterprise procurement most commonly asks software vendors for, and the framework most NIS 2 entities use to demonstrate alignment.
Agentic GRC
Agentic GRC is a category of governance, risk, and compliance software in which AI agents read a customer’s product, documents, and operational context, then draft and maintain the compliance work end-to-end. The defining property is autonomy: agents act, not just retrieve.
Trust Centre
A Trust Centre is the customer-facing surface where a software vendor exposes its certifications, policies, sub-processors, and live compliance posture to prospects, customers, and their auditors. The modern Trust Centre replaces emailed PDF security questionnaires.