Cybersecurity for the Professional Services Sector

Law firms, consultancies, accountants and auditors. 5-200 employees.

Applicable Regulations

AI Act

EU Regulation 2024/1689

Regulation of artificial intelligence systems in the EU with a risk-based approach. Phased application: prohibited practices from Feb 2, 2025, GPAI obligations from Aug 2, 2025, high-risk systems from Aug 2, 2026

Penalties: Up to €35M or 7% of turnover (prohibited practices); €15M or 3% (other obligations); €7.5M or 1% (inaccurate information). SMEs: proportionate caps

Authority: AI Office (EU Commission) + AgID (Italy)

Deadline: August 2, 2026

Explore guides

GDPR

4 guides

EU Regulation 2016/679

Personal data protection in the European Union

Penalties: Up to €20M or 4% of annual global turnover

Authority: Data Protection Authority (Garante per la Protezione dei Dati Personali)

Explore guides

ISO 27001

2 guides

ISO/IEC 27001:2022 - International standard

Information Security Management System (ISMS)

Penalties: N/A (voluntary standard)

Authority: Accredited certification bodies (Accredia in Italy)

Explore guides

Discover Your Compliance Level for Professional Services

Check in just a few minutes which regulations apply to your professional services business and the priority actions to become compliant.

Start Free Assessment

Audit your website automatically

Scan your public website for GDPR cookie banner, accessibility (WCAG 2.1 AA), legal transparency and security headers — AI generates copy-pasteable fixes and a PDF report.

Discover the Website Compliance Audit