The Digital Compliance Matrix: Making Sense of the Overlapping Web of Data Laws

Privacy teams are not just managing the GDPR anymore. Today’s compliance landscape includes a complex stack of digital regulations: NIS2, DORA, the AI Act, ePrivacy, the Data Act, the Data Governance Act, the DMA and more. These frameworks intersect, but not always neatly. This panel brings together legal, regulatory and privacy operations leaders to decode the digital compliance matrix: what these laws require, how they overlap (or conflict) and what it actually takes to implement them inside real companies. We will break down the core themes of digital risk, accountability and documentation across frameworks. We will explore how teams are developing unified digital compliance control frameworks, conducting benchmarking and building integrated control environments that work across obligations, audits and business units. From defining digital operational resilience under DORA and managing risk tiers in the EU AI Act, to enabling compliant data reuse under the Data Act, our speakers will provide a clear, structured breakdown of what matters, what is enforceable and how privacy programs can scale beyond one-regulation-at-a-time thinking. If you have ever asked: “How do we manage all of this at once?”, this is the session for you. 

What you will learn:

• The core requirements of emerging and enacted digital regulations (NIS2, DORA, AI Act, Data Act, GDPR, etc.).  

• Strategies for aligning overlapping obligations into one governance framework.  

• Insights into risk classification, reporting requirements and documentation across regulations.  

• Practical models for translating legal text into operational workflows.