IT Compliance

AI Act, NIS2 and DORA without the regulatory fog

We help IT, SaaS and technology companies identify which obligations actually apply to them, what needs fixing, and how to demonstrate compliance to investors, customers or regulators.

Risk audit with no commitment to a large project

The initial call is free. A standalone legal task starts from CZK 5,000 excl. VAT; for AI Act / NIS2 audits we agree scope, deliverables and price before we begin.

Do you recognise your situation?

Not sure whether the AI Act applies to you

You use AI in your own product, internal workflow or customer service. You need to distinguish between an ordinary tool, a GPAI model and a high-risk system.

A customer or investor wants NIS2 / ISO / SOC2 answers

In a tender, due diligence or enterprise sale you need to demonstrate security, incident response, supplier management and management accountability.

Dealing with a cyber incident

A data breach, ransomware attack or service availability failure has occurred. You need to know who to report to, by when, and what to communicate.

DORA or fintech outsourcing

You supply ICT services to a financial institution, or you fall within a regulated environment yourself. Outsourcing contracts and audit rights must comply with DORA.

AI and personal data in the same product

Training data, prompt logs, DPIAs, transfers outside the EU and processor roles start to converge. You need documentation that will stand up to scrutiny.

A director wants to know where personal liability lies

Compliance is not just a technical checklist. For NIS2, incidents and security measures we also address the liability of the statutory body.

What we handle

AI Act audit and AI system classification

NIS2 gap analysis and management accountability

DORA and ICT outsourcing contracts

DPIA, data transfers and advanced GDPR

Incident response and regulatory reporting

Compliance documentation for due diligence

The goal is not to create a folder full of paperwork. The goal is to know what you need to do, what to document, and where the real legal risk lies.

How we work

01

Rapid classification

We map the product, data flows, suppliers and regulatory triggers. We separate the obligations that are real from those that do not apply to you.

02

Gap analysis and priorities

We list specific gaps: contracts, internal policies, documentation, DPIA, incident response, responsibilities and approval processes.

03

Documentation and implementation

We prepare contract amendments, policies, decision records and client-ready deliverables for investors, enterprise customers or regulators.

Decision points

AI Act

Is our AI tool a high-risk system?

A technology firm wanted to deploy an AI module in its customer workflow. The question was not academic — it was whether the product would pass enterprise procurement. The output was a classification, a map of obligations and a list of documentation changes.

NIS2 / incident

Who decides when to report an incident?

The company had a technical incident response plan but lacked a legal decision point. We defined responsibilities, escalation rules and contractual communication with key customers.

Facing a situation that demands the right legal solution?

Call or write to us. The first conversation is always about understanding your situation — not about selling.

  • 10–15 minutes · free
  • Price upfront
  • No commitment

Our legal services are governed by our general terms and conditions unless otherwise agreed.