Regwolf Academy

Field guides to European compliance

Practical, regulation-by-regulation guidance from the Regwolf compliance team — written for the people who have to operate the rules, not just read them.

By practitioners

Every guide is written by the compliance team that runs these frameworks day to day — not a content desk.

Built around the rules

Organised by regulation — NIS2, AI Act, ISO 27001 and GDPR — with each obligation mapped to what you actually do.

Always current

Revised as guidance, deadlines and enforcement shift, so you read the rule as it stands today.

Free tools

Check your readiness in minutes

In-depth self-assessments for the regulations we cover — instant scorecard, no account needed, detailed PDF report.

NIS2

NIS2 readiness

Check scope and score every risk-management measure.

Start
AI Act

AI Act readiness

Find your risk tier and score the obligations that apply.

Start
ISO 27001 · SOC 2

ISO / SOC 2 readiness

See how close you are to certification across the ISMS.

Start
GDPR

GDPR readiness

Confirm how GDPR applies and score your accountability.

Start
12 articles
Fundamentals · Featured

The European Compliance Playbook

How to operate NIS2, the AI Act, ISO 27001 and GDPR as one coordinated program instead of four parallel fire drills — from control mapping to a single audit-ready evidence layer.

Guide · 11 min read Read the guide
NIS2

Essential vs. important entities: where do you fall?

A decision tree for NIS2 scope, sector by sector — and what each classification changes for your obligations.

Article6 min
NIS2

Designing a 24-hour incident report

What regulators expect in the early-warning notification, and how to build the workflow before you need it.

Article8 min
NIS2

Management liability: what boards must know

NIS2 puts accountability on leadership. Here is what directors are now expected to approve, oversee and evidence.

Article7 min
AI Act

Risk-tiering your AI systems

A practical walkthrough from prohibited to minimal risk, with the questions that actually determine the tier.

Article7 min
AI Act

The technical documentation file, demystified

Annex IV translated into a checklist your engineering and compliance teams can actually ship against.

Article9 min
AI Act

Transparency obligations for general-purpose AI

What you must disclose when you build on, or ship, a general-purpose model — and how to keep the records.

Article6 min
ISO 27001

A Statement of Applicability that holds up

How to justify every Annex A control — and every exclusion — so your auditor never has to ask twice.

Article6 min
ISO 27001 · SOC 2

One evidence program, two certifications

Run ISO 27001 and SOC 2 in parallel without collecting the same evidence twice or doubling the workload.

Article8 min
ISO 27001

Preparing for your surveillance audit

The evidence and meetings that make year-two and year-three audits routine instead of a scramble.

Article5 min
GDPR

Records of Processing that stay current

Move your RoPA from an annual scramble to a living register that updates as your systems change.

Article5 min
GDPR

Running a defensible DPIA

A step-by-step method for assessing high-risk processing — and documenting the decisions that justify it.

Article7 min
Fundamentals

Continuous control monitoring, explained

Why point-in-time audits miss drift, and how continuous testing keeps your posture honest between reviews.

Article5 min

No articles in this category yet.