A new report from AuditBoard has identified a gap between executive perceptions and operational realities in risk and compliance management. This gap could leave organisations in the UK and Germany vulnerable to regulatory non-conformance.
The study, “Unlock Regulatory Compliance With DORA, NIS2, and the EU AI Act”, surveyed over 270 professionals in decision-making roles across information technology, security, and risk management. The findings suggest that while 91% of respondents express concerns about cybersecurity threats, there remains a significant disconnect in how compliance efforts are managed and reported.
The report focuses on three key regulatory frameworks: the Digital Operational Resilience Act (DORA), the Network and Information Security Directive 2 (NIS2), and the EU AI Act. These regulations are designed to enhance cybersecurity, strengthen operational resilience, and promote responsible AI usage. However, organisations appear to be struggling with implementation, with many relying on manual processes that may hinder effective compliance management.
Challenges in Compliance Readiness
The research found that 90% of professionals expect compliance with these regulations to impact their workload, with information security teams feeling the greatest strain. Among those surveyed, 38% of InfoSec professionals anticipate a significant increase in responsibilities, compared to 29% of risk management professionals and 28% of IT professionals.
A key issue highlighted by the report is the disparity between executive confidence in compliance oversight and the operational challenges faced by management teams. While 92% of executives believe they have real-time insights into compliance status, only 69% of management professionals report the same level of visibility, suggesting that traditional spreadsheet-based reporting and manual processes may be impeding timely decision-making.
NIS2 Compliance a Higher Priority, But Gaps Remain
Among the three regulatory frameworks examined, NIS2 compliance was identified as the highest priority for respondents. However, only 52% of organisations report full compliance, while 44% expect to meet the requirements by the end of next year. The EU AI Act also presents challenges, with many companies failing to implement key compliance measures. Although 63% of respondents claiming compliance have introduced transparency measures, only 55% have risk management frameworks in place, and just over half (51%) conduct comprehensive risk assessments.
Concerns over third-party AI use remain prevalent, with 83% of professionals expressing uncertainty over compliance risks associated with external AI applications. Despite this, 91% believe the EU AI Act will ultimately have a positive impact on AI development and usage within their organisations.
Future-Proofing Compliance Strategies
The report suggests that organisations can improve compliance efforts by adopting purpose-built technology solutions that enhance efficiency and provide real-time insights. Jason Sechrist, Director of Product Solutions, EMEA at AuditBoard, noted that leveraging such technologies can help professionals at all levels make more informed decisions and streamline compliance processes.
“As organisations navigate compliance with evolving regulations, having a structured framework is essential,” said Sechrist. “Whether they are in the early stages or working to maintain compliance, the insights in this report can support the development of more effective conformance strategies.”