Even organizations that claim to already comply with the EU AI Act often miss essential components of compliance, making them vulnerable. 63% of so-called compliant organizations have implemented transparency measures, 55% have established a risk management framework, and only 51% conduct comprehensive risk assessments. Finally, 83% of professionals are concerned about third-party use of AI in relation to compliance with the EU AI Act. Nevertheless, 91% of respondents believe that the EU AI Act will have a positive impact on the use and development of AI applications within their organization.
Additionally, no less than 91% of respondents express concern about cyber threats. This growing concern drives teams to increased vigilance in managing cybersecurity and operational risks. Organizations are under constant pressure to adopt a more proactive and strategic approach to compliance. To achieve this goal in the UK, the EU, and beyond, new and revised regulations and frameworks have been introduced. Examples include the Digital Operational Resilience Act (DORA), the Network and Information Security Directive 2 (NIS2), and the EU AI Act. These rules share a common goal: to strengthen cybersecurity and operational resilience while ensuring responsible AI use. They must be a priority to avoid sanctions. At the same time, they offer companies the opportunity to enhance their risk management, improve operational processes and workflows, and deploy technology responsibly.
AuditBoard, in collaboration with Ascend2 Research, has presented the following findings. Executives often perceive periodic updates as real-time, while professionals in practice often rely on manual processes and spreadsheet reporting, which are far from real-time. 92% of executives say they have real-time insight into compliance status, while only 69% of managers report the same. This highlights the gap between the perceived timeliness of data and operational reality.
"At a time when there are more cyber threats than ever before, ensuring compliance with new regulations remains a top priority for our company," says Karen Albert, Vice President of Internal Audit at Constellium. "This new research from AuditBoard sheds light on the key obstacles to compliance with regulations such as DORA, NIS2, and the EU AI Act, and provides a roadmap for organizations looking to improve their cybersecurity posture."
"We have found that by leveraging specially developed technology, professionals at all levels and in all roles can make more effective decisions and carry out their compliance efforts more efficiently," says Jason Sechrist, Director of Product Solutions, EMEA at AuditBoard. "Whether it’s in the early stages of compliance or actively working to maintain it, organizations can use the findings in this report to build a framework for their journey and future-proof their compliance strategies."
The full research can be downloaded here.
Methodology
For this research, AuditBoard, in collaboration with Ascend2 Research, surveyed 272 professionals in decision-making roles in risk management, information technology (IT), and information security (InfoSec) via an online questionnaire. These individuals represent organizations with an annual revenue of $25 million or more. The research was conducted in November 2024.
