Lead with Compliance.

Sovereignty means running your business in full compliance.

Compliance is a fundamental part of responsible corporate and product management. Anyone who wants to lead their company with sovereignty must know where regulatory risks arise and how to manage them.

A key focus area is the EU AI Act. As soon as artificial intelligence is used in products and processes, new requirements emerge. Depending on the use case, these include labeling, documentation, monitoring and risk management obligations, among others. This is particularly relevant for us because we integrate AI into our solutions. That is precisely why we continuously drive the implementation of the EU AI Act and create the organizational and technical prerequisites for it.

For us, however, regulatory compliance does not end with AI. It also encompasses the protection of personal data. That is why compliance with the GDPR is equally part of a sovereign setup for us. Especially in digital procurement processes, sensitive information converges at a central point. Anyone who takes responsibility here must ensure data protection and systematically integrate it into processes, responsibilities and product logic. The European data protection framework demands precisely this combination of legal basis, transparency and controlled processing.

In addition, there is technical and organizational safeguarding. With our ISO/IEC 27001:2022-certified Information Security Management System (ISMS), we create a binding framework for the protection of information. Complementary ISAE 3402-compliant controls and independent audits ensure that our internal processes and control mechanisms are also reliable and traceable where our services become part of our customers’ business and control processes.

For you, this means: we take a holistic view of regulatory compliance. The EU AI Act regulates the responsible use of AI. The GDPR protects personal data. ISO/IEC 27001:2022 creates the organizational framework for information security, and ISAE 3402 ensures through an independent audit that relevant internal controls are effectively designed and applied.

Digital procurement with a European partner

  • We develop our AI features consistently within the framework of European law. Requirements from the EU AI Act regarding transparency, governance and risk assessment are continuously incorporated into our solutions.
  • With our ISO/IEC 27001:2022-certified ISMS, we ensure a structured approach to information security. Security measures are systematically implemented and continuously reviewed.
  • ISAE 3402-compliant controls and independent audits ensure transparency and reliability of our internal processes. This applies in particular where our services are part of our customers’ business and control processes.

FAQ

What does the EU AI Act regulate?

The EU AI Act is the European legal framework for artificial intelligence. It defines obligations depending on the role and use of AI and takes effect in stages. The requirements for providers of general-purpose AI models have been in effect since August 2025.

What is an ISO/IEC 27001:2022-certified ISMS?

An ISMS is an Information Security Management System. The international standard ISO/IEC 27001:2022 ensures that information security is systematically managed, documented and continuously reviewed.

What does ISAE 3402 mean?

ISAE 3402 (International Standard on Assurance Engagements 3402) is an internationally recognized assurance standard developed by the IAASB (IFAC). It ensures the independent examination of internal control systems of service organizations – particularly where services have an impact on the financial or business processes of customers, such as with SaaS, cloud or outsourcing providers.

What is the GDPR?

Regulatory compliance in digital procurement is not limited to AI. Personal data is also processed in procurement processes, for example in master data, approvals, supplier contacts or invoicing processes. The GDPR forms the central European legal framework for this.

Our e-procurement experts present Onventis Source-to-Pay to you.
