WOODLANDS ADVISORY
FREE WEBINAR · 23 SEPTEMBER 2026

Compliance Sprints — ISO 27001, NIS2, EU AI Act. Which framework when?

Framework map · Use-case mapping · 4-week sprint methodology

NIS2 has been in force since October 2024, DORA since January 2025, the EU AI Act rolls out in phases through 2027, and the EU Data Act adds further obligations from September 2025 onward. On top of that, ISO 27001 has become the de-facto trust layer in B2B sales. This 60-minute webinar gives an honest map of the major compliance regimes for the DACH mid-market — who needs what, in which order, and how we translate that into our productized 4-week sprint methodology together with our GRC partners Vanta and Kertos.

What you take away

Three regimes, three use cases, one sprint framework.

We frame the three dominant compliance regimes against your business reality: sales, sector obligation, and AI product. Per regime: scope, honest use case, typical trigger in the mid-market.

01

ISO 27001 — Trust layer for B2B sales

Voluntary, but de-facto mandatory in enterprise sales and supply chains. When the sprint pays off: recurring vendor security questionnaires, before pitches to enterprise customers, and ahead of institutional funding rounds.

Trigger · Sales question · procurement

02

NIS2 — Sector obligation & executive liability

In force since October 2024. Covers "essential" and "important" entities from 50 employees across 18 sectors. Personal liability of management — risk management, incident reporting, supply-chain security.

Trigger · Sector scope · liability

03

EU AI Act & Data Act — AI and the data economy

AI Act in phases: prohibited practices since February 2025, general-purpose AI from August 2026, high-risk systems from August 2027. Data Act: data access and portability obligations from September 2025. Relevant to anyone shipping AI components or connected devices.

Trigger · AI in product · connected device

Sources for the legal framing: BSI (NIS2 implementation act), ENISA (NIS2 technical guidance), European Commission (AI Act, Data Act). We provide orientation — not legal advice. Concrete mandates are aligned with our partner law firms.

Agenda

60 minutes. Practical. With live Q&A.

The detailed agenda is shared in the confirmation email before the session. Planned sections:

01 Compliance map 2026 — what NIS2, DORA, AI Act and Data Act actually require
02 Which framework when? A decision matrix by sector, size and sales model
03 ISO 27001 as a sales accelerator — what procurement teams actually demand in 2026
04 NIS2 liability in practice — what executives in the DACH mid-market are signing today
05 Live walkthrough: Compliance Sprint in 4 weeks with GRC automation (Vanta / Kertos)
06 Q&A — confidential, off-record, not recorded

Speaker

Fabian "Fabe" Hausner

Founder, Woodlands Advisory GmbH
SAP Global Security Advisory Lead

  • Enterprise security architecture at SAP — including post-acquisition cyber integration in the Signavio context
  • Practice focus: ISO 27001, NIS2 and DORA audit readiness for the DACH mid-market and tech scale-ups
  • Implementation partner for GRC automation (Vanta, Kertos) — productized sprint delivery instead of 12-month consulting
  • Daily threat-intelligence responsibility as SAP Global Security Advisory Lead
  • Founder Fabe Capital GmbH · Heidelberg

Format & logistics

60 minutes. Confidential. Not recorded.

Duration: 60 min (45 min keynote · 15 min Q&A)
Platform: Google Meet (joining link via email)
Confidentiality: Off-record (not recorded · no re-sharing)
Access: By registration (business email · confirmation in 24h)

Request a seat.

Attendance is limited to verified decision-makers across executive, IT, compliance and finance functions. We confirm requests within 24 hours with the Google Meet joining link.

Who should attend

  • CEOs and board members (NIS2 liability)
  • IT Directors, CTOs and Heads of Engineering
  • CISOs and Information Security Officers
  • Compliance Officers and Data Protection Officers
  • CFOs with compliance budget responsibility
  • Heads of Sales / Revenue (ISO 27001 as a sales argument)
  • Product & AI leads (EU AI Act)

What we verify

  • Business email domain (no Gmail/Yahoo/Web.de)
  • Role plausibility via LinkedIn
  • Sector alignment with DACH mid-market and tech

Registration form

All data treated confidentially. Processing per GDPR.

You will receive a confirmation with joining link and agenda within 24 hours.

Growth needs security. Not someday – now.

Whether you face a transaction, need a certification or want to professionalise your security strategy – Woodlands delivers results in weeks, not months.

Schedule Initial Consultation →

20 minutes. Confidential. No obligation.