Beyond Silos: Building A Risk and Compliance Framework for GDPR, AI Act and NIS2

Companies and institutions across Europe are facing a new compliance reality: privacy, AI governance and cybersecurity can no longer be managed in separate silos. The GDPR, AI Act and NIS2 Directive impose different obligations, timelines and enforcement risks — yet they also share common governance foundations. Through interactive exercises, comparative frameworks and real-world scenarios, participants will identify where the three regimes converge, where they diverge, and how to avoid duplicative controls. The workshop will focus on the operational topics companies are struggling with now: governance ownership, accountability frameworks, transparency, risk assessments, incident reporting, supply-chain oversight, vendor contracting and documentation. Rather than treating each law as a separate project, attendees will learn how to build one integrated control framework that can support multiple legal obligations while reducing cost, friction and internal confusion.

What you will learn:

• Understand the key similarities and differences between the GDPR, AI Act and NIS2 Directive.

• Learn how to align ownership, committees, policies and reporting across GDPR, AI Act and NIS2.

• Map shared obligations such as risk assessments, transparency, incident response and vendor management into a single governance framework.

Additional registration fee required.