
The DevSecOps Talks Podcast #87 - EU Compliance 101: AI Act, DORA, NIS2 explained
Dec 8, 2025
Dive into the essentials of EU compliance as the hosts dissect the AI Act, DORA, and NIS2 regulations. Discover how these rules impact both EU and non-EU companies, emphasizing the importance of understanding legal jargon for engineers. Learn about risk-based classifications in AI and the consequences of noncompliance, including hefty fines. The podcast outlines critical timelines for incident reporting and the mandatory obligations under NIS2. Prepare for a future episode that promises practical compliance steps and deeper insights into upcoming regulations!
AI Snips
Live Translation Blocked In EU Example
- Matthias used the Apple translation feature example to show extra-territorial effects.
- He pointed out that features can be unavailable in the EU because of local regulatory decisions.
AI Act Is Risk-Based With Stringent High-Risk Rules
- The AI Act uses a risk-based classification from minimal to unacceptable risk.
- High-risk systems (healthcare, hiring) face strict conformity, transparency, and monitoring requirements.
Classify Your AI And Apply Controls
- Determine which AI risk category your system falls into and follow the required controls.
- Implement logging, human oversight, and documentation when your AI can materially affect people.
