EU – CIO.works

GDPR Fines Hit $1.4B as Customer Support Becomes Compliance Risk

By CIO / Blog / data protection, GDPR, compliance, EU, regulation, customer service

In 2025, GDPR fines reached $1.4 billion in Europe and $2.8 billion globally, highlighting significant risks in customer support operations due to data handling by outsourced teams. Experts emphasize that compliance depends on strict data access controls, comprehensive audit trails, thorough agent training, and ongoing monitoring to prevent breaches and ensure accountability throughout support workflows.

https://news.designrush.com/gdpr-compliance-customer-support-risks-explained

How the EU’s NIS2 Directive Is Changing How CIOs Think About Digital Infrastructure

By CIO / Blog / risk management, cybersecurity, compliance, EU, NIS2, regulation

The EU’s NIS2 directive is prompting CIOs to rethink digital infrastructure by extending risk accountability beyond individual organizations to encompass the entire ecosystem of interconnected providers, including cloud platforms and network operators. This shift emphasizes designing resilient systems that can continue operating despite failures in any part of the network, moving resilience from a compliance exercise to a strategic priority focused on infrastructure architecture and connectivity.

https://www.cio.com/article/4162091/how-the-eus-nis2-directive-is-changing-how-cios-think-about-digital-infrastructure.html

EU AI Act Shock: Emotion Recognition Is Now Illegal at Work. So Why Is Your Vendor Still Selling It?

By CIO / Blog / regulation, technology, AI, compliance, EU, privacy

The EU AI Act, effective since February 2025, has made emotion recognition AI in the workplace illegal across the European Union, imposing fines up to €35 million or 7% of global turnover for violations. Despite this, many vendors continue to sell and deploy such technology unlawfully, risking significant penalties, while the law strictly prohibits AI systems that infer employee emotions from biometric data but allows text-only sentiment analysis. Organizations using UC, CX, or employee experience software in Europe are urged to urgently verify vendor compliance and disable prohibited features to avoid imminent enforcement actions.

https://www.uctoday.com/workplace-management/eu-ai-act-shock-emotion-recognition-is-now-illegal-at-work-so-why-is-your-vendor-still-selling-it/

The EU’s AI Act: Do You Have the Knowledge to Comply?

By CIO / Blog / AI, compliance, EU, regulation

The article highlights a critical compliance challenge posed by the EU AI Act, effective from August 2, 2026, for enterprises using AI-driven marketing automation workflows. It warns that while strategic AI governance often exists at the leadership level, many operational AI systems—like customer scoring models and data enrichment flows—are undocumented and lack clear ownership, putting organizations at risk of non-compliance under the Act’s transparency, documentation, and human oversight requirements.

https://www.business-reporter.co.uk/ai–automation/the-eus-ai-act-do-you-have-the-knowledge-to-comply

EU AI Act Compliance: a Technical Audit Guide for the 2026 Deadline

By CIO / Blog / AI, EU, regulation, compliance

With the August 2026 deadline for the EU AI Act approaching, IT leaders must shift from policy to practical compliance by mapping AI tools across APIs, legacy systems, and model integrations to ensure auditable governance. Organisations need to build comprehensive API inventories, implement continuous monitoring systems, categorise AI endpoints by risk, and rigorously audit high-risk legacy systems for transparency, human oversight, and bias mitigation to meet the stringent regulatory requirements and avoid significant fines and reputational damage.

https://www.raconteur.net/global-business/eu-ai-act-compliance-a-technical-audit-guide-for-the-2026-deadline

Office EU

By CIO / Blog / tools, EU, open source

Office EU is a fully European-owned, cloud-based office suite offering productivity apps for documents, spreadsheets, presentations, file storage, email, calendars, and video meetings, all hosted on European infrastructure to ensure data sovereignty and GDPR compliance. Designed for businesses, non-profits, and individuals valuing privacy, it supports seamless migration from Microsoft 365 or Google Workspace without data loss or downtime, emphasizing open-source software and protection from foreign jurisdiction.

https://office.eu/

5 Innovations Desperately Needed for EUDR Compliance

By CIO / Blog / EUDR, sustainability, regulation, EU, compliance

EUDR compliance poses challenges, especially for small businesses, as the EU Deforestation Regulation aims to eliminate deforestation in global supply chains. Key innovations needed include public policy improvements, collaborative corporate practices, innovative financial services, action from civil society, and harmonized technological solutions. While major firms are preparing for the regulation, smaller players require support to meet compliance requirements. Ultimately, harmonized tech and collective efforts will be crucial for transitioning to sustainable, deforestation-free supply chains.

https://www.foodnavigator.com/Article/2026/03/03/innovations-for-eudr-compliance/

From Innovation to Regulation: How Internal Audit Must Respond to the EU AI Act

By CIO / Blog / regulation, risk management, AI, compliance, EU, audit

The EU AI Act, a global standard for AI regulation, requires organizations worldwide to address AI risks through governance, controls, and accountability. Internal auditors must adapt to this shift, auditing AI governance, risk classification, data quality, human oversight, and third-party AI risk to ensure compliance.

https://www.wolterskluwer.com/en/expert-insights/innovation-regulation-how-internal-audit-must-respond-eu-ai-act

Who Uses AI in Europe

By CIO / Blog / AI, EU, trends, workforce

EU invests in AI adoption and ethics, yet usage varies widely. 64% of Europeans expect AI literacy by 2030; 32.7% have used AI tools. Generative AI in education is low (average 9.8% usage), with regional disparities. Denmark leads business AI adoption at 42.03%. EU needs focused strategies for effective AI integration across sectors and member states.

https://eutechloop.com/who-uses-ai-in-europe-and-where-its-still-taboo/

European Commission Proposes Revised Cybersecurity Act to Boost EU Cyber Resilience, Secure ICT Supply Chains

By CIO / Blog / cybersecurity, EU, regulation

EU proposes revised Cybersecurity Act to enhance resilience, secure ICT supply chains. Act introduces simpler certification, supports compliance, fortifies ENISA, and targets risks from third-country suppliers. Key amendments to NIS2 Directive facilitate legal clarity and compliance for businesses. New horizontal framework for ICT supply chain security addresses strategic risks and vulnerabilities. ENISA strengthens cybersecurity response and supports workforce development. Overall, the initiative aims to improve security and trust in EU's critical infrastructure.

https://industrialcyber.co/regulation-standards-and-compliance/european-commission-proposes-revised-cybersecurity-act-to-boost-eu-cyber-resilience-secure-ict-supply-chains/