Regulation & Risk

Compliance & Security

EU AI Act, GDPR, SOC2, CRA, ISO27001 — navigating regulations is complex. Build compliance into your DNA from day one, not as an afterthought.

The Problem

What It Looks Like

  • New regulations creating uncertainty
  • Compliance requirements unclear or overwhelming
  • Security practices inconsistent or undocumented
  • Audit findings requiring significant remediation
  • Compliance slowing down development

What It Costs

  • Delayed product launches (compliance reviews)
  • Expensive remediation (retrofitting compliance)
  • Audit failures and regulatory fines
  • Reputation and customer trust damage
  • Market access restrictions (EU)

The Real Risk: EU AI Act enforcement begins 2025. GDPR fines reach 4% of global revenue. Non-compliance isn't just risky — it's existential for European market access.

Regulations We Cover

EU AI Act

Comprehensive regulation of AI systems. Enforcement 2025. We provide full support: architecture, risk classification, documentation.

HIGH PRIORITY

GDPR

Personal data protection. Up to 4% of revenue in fines. We handle: data mapping, privacy impact assessments, technical measures.

FOUNDATIONAL

Cyber Resilience Act (CRA)

Security requirements for digital products. Emerging focus: vulnerability handling, security updates, incident reporting.

EMERGING

SOC2, ISO27001, DORA, MDR

Industry-specific frameworks: Financial services, healthcare, digital operations. Full certification support available.

CASE-BY-CASE

Our Approach: Compliance by Design

Compliance by design, not by audit. Embed compliance into the development process. Automate validation. Make the right thing the easy thing.

1. Gap Assessment

1-2 weeks: Map applicable regulations, assess current compliance state, identify critical gaps.

2. Framework Design

2-4 weeks: Design compliance framework, define policies, establish governance, create documentation.

3. Implementation

4-8 weeks: Implement controls, deploy automated validation, integrate into workflow, train team.

4. Continuous Compliance

Ongoing: Automated checking, regular reviews, audit prep, regulatory change monitoring.

Cost of Compliance Approaches

Retrofit Compliance

  • Development delayed 3-6 months
  • Remediation cost 3-10x build cost
  • High architectural rework needed
  • Long-term risk remains

AVOID THIS

Compliance by Design

  • Minimal development impact
  • Included in initial build cost
  • Fewer architectural surprises
  • Long-term risk mitigated

RECOMMENDED

Typical Engagement

Compliance Assessment

Investment: CHF 12-20k
Duration: 2-3 weeks

  • Regulatory applicability analysis
  • Gap assessment and risk prioritisation
  • Remediation roadmap

Compliance Framework

Investment: CHF 25-45k
Duration: 4-6 weeks

  • Compliance framework design
  • Policies, procedures, governance
  • Documentation templates

Compliance Automation

Investment: CHF 5-8k
Duration: 1-2 weeks

  • Compliance Agent validates requirements
  • Integrated into workflow
  • Automated reporting

Ensure Your Compliance Foundation

The earlier you build compliance in, the lower the cost and risk. Let's assess your current state.