Open source tools and expert humans to accelerate privacy, AI and cybersecurity compliance
Our tools help technology governance move with accuracy, agility and speed. We complement them with cost-effective expert advisory packages.
Present and Future Compliance Deadlines
Critical regulations have recently come into effect and many more regulatory changes are approaching. Stay ahead of compliance requirements that could impact your business operations.
NIS2 starts to apply in EU Member States
Impact: Requires essential / important entities in 18 sectors to implement cybersecurity risk management, report significant incidents, ensure management accountability and supply chain security assessments.
DORA applies to EU financial sector
Impact: requires financial entities to establish robust ICT risk management frameworks, conduct regular resilience testing, oversee third-party tech providers, and report cyber incidents to strengthen the financial sectors digital operational resilience.
EU AI Act early phase clauses enter force
Impact: Prohibited forms of AI must stop for impacted individuals in the EU. Appropriate training must be delivered to all who work with AI in the EU.
UK Online Safety Act age verification rules go live
Impact: Enhanced obligations to verify the age of users for specific sites named by OFCOM.
EU AI Act, General Purpose AI clauses in force
Impact: Foundation model compliance requirements, with increasing regulatory rules for the largest models with "Systemic Risk".
UK Data (Use & Access) Act comes into effect
Impact: Updates and simplifies cookie-related rules for UK data subjects, new "soft opt-in" rules also for marketing emails/texts from charities and alignment of PECR fines and breach reporting deadlines with those of UK GDPR
EU Data Act enters into effect
Impact: Enhanced consumer rights of access to connected device data, new legal obligations on cloud providers to facilitate customer switching to other providers, new data sharing rights for public and private entities.
California AI Transparency Act (SB942) enters into effect
Impact: Requires providers of generative AI systems with >1m monthly users in California to provide free AI detection tools, include watermarking disclosures in AI-generated image, video, and audio content.
California AI Training Data Transparency Act (AB2013) enters into effect
Impact: The California Generative AI Training Data Transparency Act (AB 2013) requires developers of generative AI to publicly post detailed documentation on datasets used to train models.
Texas Responsible AI Governance Act enters into effect
Impact: Prohibits AI systems intentionally designed for harmful purposes including discrimination, behavioral manipulation, and constitutional rights infringement.
South Korea AI Basic Act enters into effect
Impact: Establishes risk-based regulatory framework requiring safety measures, risk assessments and transparency obligations for "high-impact" AI systems, and mandating user disclosure and content labeling.
Colorado AI Act enters into effect
Impact: Establishes a duty of "reasonable care" for developers and deployers of "high-risk" AI systems that make consequential decisions in specific areas e.g. employment, requiring risk management, impact assessments and consumer disclosures.
Arizona Healthcare AI (HB2175) regulations in effect
Impact: Requires medical directors at insurance companies to review claim and prior authorization denials based on medical necessity, prohibiting AI making final decisions.
EU AI Act High Risk AI Systems regulations in effect (Annex III)
Impact: Requires comprehensive obligations including risk management, data governance, technical documentation, conformity assessments, among others.
EU Cyber Resilience Act reporting requirements enter into effect
Impact: Mandates manufacturers of products with digital elements to report exploitable vulnerabilities within 24 hours and severe cybersecurity incidents to national authorities and ENISA.
California CCPA Cybersecurity Audits requirements in effect
Impact: Mandates annual independent audits for businesses that derive over 50% revenue from selling personal information or meet specific data processing thresholds, including evaluations of cybersecurity programs via access controls, encryption, and vulnerability management.
Illinois SB 2203 Preventing Algorithmic Discrimination Act enters into effect
Impact: Prohibits AI systems intentionally designed for harmful purposes including discrimination, behavioral manipulation, and constitutional rights infringement, while requiring government agencies to disclose AI use to individuals and establishing a regulatory sandbox program..
EU AI Act High Risk AI Systems regulations in effect (Annex I)
Impact: Full compliance for AI systems embedded in regulated products covered by EU harmonization legislation e.g. vehicles, mandating risk management, data governance, technical documentation, conformity assessments, human oversight.
EU Cyber Resilience Act comes into full effect
Impact: Mandates cybersecurity requirements for "products with digital elements," including mandatory CE marking, conformity assessments, cybersecurity standards, vulnerability handling, free security updates, technical documentation, and post-market surveillance obligations.
Software and Expert Humans, Together
Compliance automation tools work best with deep experts in the loop.
Waivern Compliance Framework
Flexible and high quality compliance, at a cost that makes sense, as part of your CI/CD pipeline.
Your engineers and product people are under pressure to comply with cyber resilience, personal data and AI regulations. Their main job remains, however, to deliver value for your customers and business.
Waivern automation tools can help your teams do the necessary to stay compliant and empower them to get back to innovating.
Book a demo
Waivern Consultancy Service
Over 30 years of AI, privacy governance, product management and engineering experience in our team. We pair tools, experts and streamlined processes to get your AI system to production quicker.
- Rapid turnarounds
- Practical and pragmatic expertise
- Tailored service
- Expert support
How the Waivern Compliance Framework Works
Our framework automates the compliance risk discovery process by connecting directly to your technology stack, analysing code and data with AI-powered tools, and generating audit-ready documentation that keeps pace with your development cycle.
Connect directly to your application stack to gather compliance data automatically, eliminating spreadsheets and webforms.
AI-powered analysis (on-demand or in pipeline) identifies compliance risks and provides actionable insights across privacy, AI, and cybersecurity.
Generate comprehensive compliance reports and documentation that regulatory authorities require, automatically updated as your system evolves.
