# IT Compliance, AI Act & NIS2 — IUSTORIA
> Legal audit for AI Act, NIS2, DORA and advanced GDPR for IT, SaaS and technology companies.
- Canonical URL: https://www.iustoria.cz/en/services/it-compliance/
- Markdown URL: https://www.iustoria.cz/en/services/it-compliance/index.md
- Language: en
- Content type: service
## Content


# AI Act, NIS2 and DORA without the regulatory fog


We help IT, SaaS and technology companies identify which obligations actually apply to them, what needs fixing, and how to demonstrate compliance to investors, customers or regulators.


Where to start


## Risk audit with no commitment to a large project


The initial call is free. A standalone legal task starts from CZK 5,000 excl. VAT; for AI Act / NIS2 audits we agree scope, deliverables and price before we begin.




Typical situations


## Do you recognise your situation?


### Not sure whether the AI Act applies to you


You use AI in your own product, internal workflow or customer service. You need to distinguish between an ordinary tool, a GPAI model and a high-risk system.


### A customer or investor wants NIS2 / ISO / SOC2 answers


In a tender, due diligence or enterprise sale you need to demonstrate security, incident response, supplier management and management accountability.


### Dealing with a cyber incident


A data breach, ransomware attack or service availability failure has occurred. You need to know who to report to, by when, and what to communicate.


### DORA or fintech outsourcing


You supply ICT services to a financial institution, or you fall within a regulated environment yourself. Outsourcing contracts and audit rights must comply with DORA.


### AI and personal data in the same product


Training data, prompt logs, DPIAs, transfers outside the EU and processor roles start to converge. You need documentation that will stand up to scrutiny.


### A director wants to know where personal liability lies


Compliance is not just a technical checklist. For NIS2, incidents and security measures we also address the liability of the statutory body.


Practice


## What we handle


- AI Act audit and AI system classification
- NIS2 gap analysis and management accountability
- DORA and ICT outsourcing contracts
- DPIA, data transfers and advanced GDPR
- Incident response and regulatory reporting
- Compliance documentation for due diligence


The goal is not to create a folder full of paperwork. The goal is to know what you need to do, what to document, and where the real legal risk lies.


Process


## How we work


### 01 Rapid classification


We map the product, data flows, suppliers and regulatory triggers. We separate the obligations that are real from those that do not apply to you.


### 02 Gap analysis and priorities


We list specific gaps: contracts, internal policies, documentation, DPIA, incident response, responsibilities and approval processes.


### 03 Documentation and implementation


We prepare contract amendments, policies, decision records and client-ready deliverables for investors, enterprise customers or regulators.


From practice


## Decision points


AI Act


### Is our AI tool a high-risk system?


A technology firm wanted to deploy an AI module in its customer workflow. The question was not academic — it was whether the product would pass enterprise procurement. The output was a classification, a map of obligations and a list of documentation changes.


NIS2 / incident


### Who decides when to report an incident?


The company had a technical incident response plan but lacked a legal decision point. We defined responsibilities, escalation rules and contractual communication with key customers.