CSRD, GDPR, the EU AI Act, and NIS2/DORA each cover different obligations — and most businesses are caught by more than one. Below is what each area requires, who it applies to, and which Verdaio tools help you navigate it.
The Corporate Sustainability Reporting Directive requires large companies — and eventually listed SMEs — to report on their environmental and social impact using standardised ESRS indicators. It's the most detailed reporting obligation Europe has ever introduced.
The General Data Protection Regulation applies to every organisation that handles personal data of EU residents — no minimum size, no sector carve-out. It sets rules on lawful basis, data subject rights, breach notification, and data transfers.
The EU AI Act introduces a risk-based framework for artificial intelligence — from prohibited systems to high-risk applications requiring conformity assessments. The Cyber Resilience Act adds security requirements for products with digital elements.
NIS2 expands cybersecurity obligations to a much wider range of sectors, requiring incident reporting, risk management, and supply chain security measures. DORA adds specific digital operational resilience requirements for the financial sector.