EU organizations buckle under rising compliance pressure
EU organizations buckle under rising compliance pressure
Publish Date: 2026-06-01 01:00:00
Source Domain: www.helpnetsecurity.com
Cybersecurity governance in the EU is shifting under expanding frameworks such as NIS2 and DORA, while AI raises new questions for security teams. What the future brings is hard to predict, and organizations must find a way to cope.
Antonija Vojnović, Governance, Risk and Compliance Department Manager at Span, spoke with Help Net Security at the Span Cyber Security Arena conference about how these regulatory frameworks are shaping compliance priorities and day-to-day decision-making.
Compliance overload across organizations
Companies in the EU are dealing with an increasing volume of regulations, with frameworks overlapping in some areas while differing in others.
“Not everyone can explain what applies to whom and why. For example, GDPR and NIS2 affect different types of data, but they should complement each other,” Vojnović said.
Organizations are often unsure where to start or how to prioritize compliance efforts.
NIS2 implementation differs among EU member states because it is a directive, which means each country must translate it into national legislation.
“Croatia has legislation in place. Slovenia also has legislation, though not in the same form.”
Vojnović says the goal of NIS2 is to improve awareness and align cybersecurity standards at EU level, but not all countries are at the same level of maturity. Different countries and companies need different amounts of time to adapt.
In Croatia, she notes, organizations are still waiting for the first audits to understand how enforcement will work in practice, what penalties will look like, and whether changes will follow after initial findings.
She adds that uncertainty remains around implementation and scope, including which organizations will fall under the directive.
Parallel regulatory pressure
Asked whether the growing set of regulations will ultimately help, Vojnović says regulations are useful, but too many are being introduced at the same time.
She points to NIS2, DORA, and the AI…
