Compliance & regulation
What the EU AI Act, GDPR, NIS2 and certified environments mean for teams using AI coding tools - described plainly, never as legal advice or compliance guarantees.
Compliance
The EU AI Act for Development Teams
Teams using AI coding tools are usually deployers - the small duty set that actually applies, the post-omnibus deadlines (Dec 2027/Aug 2028), and what the Act does not regulate: your code quality. Not legal advice.
Updated: July 2, 2026
Compliance
GDPR-Compliant AI Coding
Code is rarely personal data - the context AI tools ingest often is. The eight-point checklist: data flow, Art. 28 DPA, transfers, training opt-outs, minimization. Assessment stays with your DPO.
Updated: July 2, 2026
Compliance
Audit Trails for AI-Generated Code
Git records what changed - not what the task was, what was validated, who approved. The five auditor questions, why the demand rises under NIS2 and the new product liability, and how to build the trail.
Updated: July 2, 2026
Compliance
ISO 27001, TISAX & BSI: AI Coding When Certified
Neither standard bans AI tools - both demand they live inside the ISMS. The control mapping auditors walk through, TISAX's stricter data lens, and the BSI/ANSSI recommendations.
Updated: July 2, 2026
Compliance
NIS2 and Liability for AI Code
Since December 2025, management must approve and oversee development risk - the box unverified AI code sits in. The duties, the liability layers after the AILD withdrawal, and what to document. No case law yet.
Updated: July 2, 2026
Compliance
AI Coding in Regulated Industries
DORA, IEC 62304/MDR, ISO 26262/ASPICE regulate process and evidence, not code authorship. What each sector demands when AI writes code - and the one base setup that fits all three.
Updated: July 2, 2026