
Unique AI agent promoting knowledge and answering complex questions about EU security regulations
Executive summary
Challenge: Our goal was to help clients understand and comply with complex, evolving EU cybersecurity regulations – DORA, NIS 2, and CRA – without confusion or technical barriers.
Approach: We developed a unique, secure, regulation-specific AI agent using Azure and Python, designed to provide accurate guidance and escalate to experts when needed.
Result: Our secure AI chatbot is one of a kind, and it helps clients confidently navigate EU cybersecurity regulations while reinforcing our service offering. It delivers clear, human-like guidance, saving hours of manual research and making regulatory complexity easier to manage for business leaders.
EU cybersecurity directives changing the business landscape
The EU is strengthening cybersecurity across key sectors with three major regulations: NIS 2, DORA, and the Cyber Resilience Act (CRA). Together, they form a cohesive framework to enhance the digital resilience of organisations, protect critical infrastructure, and mitigate cyber risks.
- NIS 2 applies to essential sectors such as energy, transport, healthcare, and waste management, requiring risk management, incident reporting, and secure technology practices.
- DORA targets the financial sector, mandating robust operational resilience to withstand cyberattacks.
- CRA introduces mandatory cybersecurity standards for hardware and software products sold in the EU, promoting security by design.
Failure to comply with DORA, NIS 2, or the CRA can lead to significant consequences, including multi-million euro fines, operational disruptions, and lasting reputational damage following a cyber incident.
Our business objectives and proactive approach
Recognising our clients’ need to navigate the new laws easily and efficiently, and wanting to support our own business endeavours at the same time, we decided to leverage our expertise and proficiency in advanced technologies and create a regulation-specific AI agent able to answer complex questions about DORA, NIS 2, and the CRA.
We stayed proactive during this time of serious change in the security regulatory environment to meet the expectations of our existing and potential clients.
Our PR Team came up with a solution and, together with a skilled developer and the Security Team, planned an AI chatbot trained specifically for this task – to guide users and explain any queries about the regulations in a simple and human-like way.
We also wanted the agent to offer users the option to consult a real person at the end of each conversation. To make it possible, we added a feature that recognises further needs and shares contact details of one of our specialists, whether it is a Sales Team member or a security expert.
Tech expertise for a cybersecurity-related chatbot
The chatbot needed to be cost-efficient, error-proof, and impossible to manipulate. We chose to code it in Python and, to leverage our Microsoft partner’s reliable technology, we store it in the Azure environment.
The most important technical challenge was to prevent the agent from mixing up the three directives. We achieved this by meticulously labelling and structuring all data. We also implemented a protective validation layer within the code.
DORA, NIS 2, and CRA have distinct rules and penalties, so it was imperative that the chatbot differentiate between them accurately. If a user asks a question not related to the regulations, our chatbot will not answer, as it is not designed to engage in other discussions.
What’s often overlooked in chatbot development is the importance of high-quality training data. In our case, preparing the chatbot’s knowledge base was crucial. We trained it on specific chapters of each directive and rigorously verified that every answer could be traced back to the original legal text.
This attention to detail reflects our belief that even the most advanced code is only as good as the data behind it. Without reliable, structured input, no AI can deliver trustworthy results.
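A sketch of how labelled data and a validation layer can keep the three regulations apart, refuse off-topic questions, and require a traceable source. This is an added example, not the project's own code; the chunk records, the keyword patterns and every function name are hypothetical, and the source references are placeholders.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Chunk:
    chunk_id: str
    regulation: str   # label: "DORA", "NIS2" or "CRA"
    source_ref: str   # pointer back to the legal text
    text: str

# Constructed sample knowledge base (placeholder references, not real citations).
KB = {c.chunk_id: c for c in [
    Chunk("dora-1", "DORA", "DORA, <chapter placeholder>", "constructed text on financial entities"),
    Chunk("nis2-1", "NIS2", "NIS 2, <chapter placeholder>", "constructed text on essential sectors"),
    Chunk("cra-1", "CRA", "CRA, <chapter placeholder>", "constructed text on products"),
]}

# Hypothetical patterns for recognising which regulation a question names.
PATTERNS = {
    "DORA": re.compile(r"\bDORA\b|digital operational resilience", re.I),
    "NIS2": re.compile(r"\bNIS\s?-?2\b", re.I),
    "CRA": re.compile(r"\bCRA\b|cyber resilience act", re.I),
}

def scope_of(question: str) -> set[str]:
    """Regulations explicitly named in the question (empty set = out of scope)."""
    return {reg for reg, pat in PATTERNS.items() if pat.search(question)}

def retrieve(question: str) -> list[Chunk]:
    """Only chunks whose label is in scope are ever handed to the model."""
    scope = scope_of(question)
    return [c for c in KB.values() if c.regulation in scope]

def validate(question: str, cited_ids: list[str]) -> tuple[bool, str]:
    """Gate a drafted answer before it is shown to the user."""
    scope = scope_of(question)
    if not scope:
        return False, "out_of_scope"          # not about the regulations: refuse
    if not cited_ids:
        return False, "no_source"             # cannot be traced to the legal text
    for cid in cited_ids:
        chunk = KB.get(cid)
        if chunk is None:
            return False, "unknown_source"    # citation not in the knowledge base
        if chunk.regulation not in scope:
            return False, "cross_regulation"  # e.g. a CRA chunk in a DORA answer
    return True, "ok"
```

The scope check runs twice on purpose: once to restrict what the model can see, and again on the drafted answer, so a citation that slips past retrieval is still rejected.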
Benefits of our security chatbot
To support clients in navigating complex EU cybersecurity regulations with confidence, we developed a reliable AI agent that delivers accurate, human-like guidance on DORA, NIS 2, and the Cyber Resilience Act. It transforms regulatory complexity into clarity – helping clients stay ahead of EU cybersecurity laws.
Built with cost-efficiency, security, and precision in mind, the solution ensures regulatory distinctions are clearly maintained. It also offers users the option to seamlessly connect with a real expert when needed.
By combining technical excellence with a proactive approach, we support our clients’ compliance efforts while strengthening our own business offering.
Technologies used in the project

