GRC Report

Poland is turning the EU’s data governance ambitions into something far more tangible. With new legislation advancing the implementation of the EU Data Governance Act, the country is putting real structure around how data is shared, accessed, and intermediated, from public sector datasets to emerging “data altruism” models. The expanded role of the national data protection authority and formal oversight of data intermediaries signal a shift away from theory toward enforceable frameworks. For organizations operating across the EU, this is another clear indication that data governance is no longer just about protection, it’s about controlled, trusted use at scale. Read More: https://lnkd.in/gutnHVyb #DataGovernance #DGA #EURegulation #Compliance #RiskManagement #Privacy #DataSharing #GRC #DigitalPolicy

Agentic AI may be dominating the conversation in GRC, but as Michael Rasmussen argues, the reality is far more measured. While expectations around autonomous, orchestrated systems are accelerating, most platforms today remain firmly in the realm of assisted workflows rather than true cross-functional decision-making. The gap between promise and capability is creating real strategic risk for organizations planning around tools that don’t yet exist in practice. The path forward is less about chasing labels and more about building the data foundations, governance structures, and architectural maturity needed to support meaningful progress. In GRC, the future of AI will be defined not by what it’s called, but by whether it can deliver accountable, explainable outcomes that actually move the organization forward. Read More: https://lnkd.in/gyMYa3Zy #GRC #RiskManagement #AI #AgenticAI #Governance #Compliance #ThirdPartyRisk #OperationalResilience #DataGovernance #RiskLeadership

🌍 THIS MONTH IN GRC INSIGHTS — CURATED THOUGHT LEADERSHIP FROM AROUND THE WORLD GRC Insights brings together the voices shaping the most important conversations in governance, risk management, and compliance. This is curated thought leadership from GRC Report contributors, offering sharp perspectives, practical insight, and timely analysis on the issues defining GRC today. The full article is linked below. 👇👇👇 🇺🇸 Capability Intelligence: Mapping Resilience Across the Enterprise — Michael Rasmussen explores how organizations need a clearer view of resilience across the enterprise, connecting signals, capabilities, and context to support better decisions. 🇺🇸 Taking Uncertainty Seriously: Part 3 — Tony Martin-Vegue continues the discussion on uncertainty, challenging simplistic thinking on frequency and magnitude and showing why decision-making must wrestle honestly with ambiguity. 🇩🇰 Risk Appetite Without Numbers Is Just Philosophy — Graeme Keith argues that risk appetite is too often treated as abstraction instead of discipline, and why meaningful risk management requires greater rigor. 🇺🇸 The Invisible Third-Party: AI as a Vendor Risk You Are Probably Not Managing — Norman J Levine highlights how AI is quietly introducing new third-party exposures that many organizations have yet to address. 🇺🇸 The Great GRC Reboot: How AI Is Turning Control Into Intelligence — Renee Murphy examines how AI is reshaping the future of GRC and why the next era will demand more than traditional control frameworks. 🇨🇭 JOIN US AT Risk-in conference 2026 & Swiss GRC DAY 2026 Two important events in Switzerland are putting risk, compliance, and resilience front and center. From AI governance and cyber risk to resilience, geopolitics, and business strategy, these gatherings offer practical insight and strong peer engagement for the GRC community. 🎟️ Members of the GRC Report community receive a 20% discount on Risk-!n 2026 badge prices with promotion code: RISKIN26GRC20 🎙️ NEW EPISODES ACROSS THE GRC GALAXY Fresh podcast episodes are now live on the Risk Is Our Business Podcast and the Hitchhiker's Guide to the GRC Technology Galaxy Podcast. These conversations move beyond dashboards and buzzwords to focus on what actually makes GRC work in practice: decision quality, judgment, usability, and rigor. 👇👇👇 The full GRC Insights article is linked below 👇👇👇 ❓ Have a question? Reach out. We would love to hear from you. _______________ 🪐 GRC 20/20 Research maps and monitors the ever-expanding GRC galaxy — now tracking 1,500+ solutions and the professional services orbiting them — reach out to GRC 20/20 Research for insight into GRC-related solutions & professional services that best fit your organization's needs 📡 Follow GRC Report for news and expert insights on governance, risk management and compliance around the world 🎙️ Tune into the podcasts → Risk Is Our Business Podcast & Hitchhiker's Guide to the GRC Technology Galaxy Podcast

In this return episode of the Risk Is Our Business Podcast, Captain Michael Rasmussen welcomes back Graeme Keith for a sequel to Wrath of Math, this time shifting from models to meaning. They take aim at cookie-cutter risk management, unpacking what separates genuine practice from templated frameworks that look good on paper but fail to influence decisions. The conversation centers on Graeme’s recent writing on risk appetite, and his frustration with how often organizations discuss the risks they’re willing to take without addressing the more fundamental question of why are we taking those risks at all? From there, they explore how risk appetite is often less about numbers and more about culture, intent, and context, and why effective risk management must always be anchored to the decisions it is meant to support. Without that connection, risk becomes descriptive rather than directional. They also dive into the realities of interconnected risk, the current state of risk technology, and where the discipline may be heading by 2030, including whether tools are helping organizations make better decisions, or simply producing more sophisticated noise. If Wrath of Math challenged how we quantify risk, this episode challenges how we make sense of it and whether risk management is truly helping us navigate, or just giving us more charts while we drift.

AI isn’t just reshaping workflows, it’s quietly redrawing the org chart itself. As Renee Murphy explores, the real disruption isn’t the technology but how it redistributes decision-making, forces cross-functional governance, and shifts influence toward those who understand the data. From AI councils multiplying across enterprises to power dynamics tilting toward technical fluency, organizations are learning that success with AI has less to do with tools and more to do with culture, collaboration, and trust. The companies that get this right won’t just adopt AI, they’ll evolve around it. Read More: https://lnkd.in/gQjHPPjm #AI #Governance #RiskManagement #GRC #AIGovernance #DigitalTransformation #Leadership #Compliance

In this episode of The Hitchhiker's Guide to the GRC Technology Galaxy Podcast, GRC field researcher and intergalactic GRC hitchhiker Michael Rasmussen sits down with Anders Søborg, co-founder and co-CEO of E-V-E AI, in an unusual setting at the Glyptoteket Museum in Copenhagen. Surrounded by a space that blends art, architecture, and atmosphere into a single experience, the conversation begins with a simple idea. Context changes how you see everything. It turns out that same idea applies to GRC, where meaning is often buried in documents, dashboards, and disconnected processes. From there, Anders explains what E-V-E AI is and why it approaches compliance differently. Instead of layering automation onto existing workflows, E-V-E is built to analyze evidence directly. It maps controls, identifies gaps, and produces audit-ready outputs without the usual friction. The goal is not just speed but clarity. They then discuss the role of agentic AI, where it is already delivering value and where it may take GRC in the near future. The conversation also explores how organizations should think about value across four dimensions. Efficiency, effectiveness, resilience, and agility. Not just cost savings. The episode closes with a look ahead to 2030 and how platforms like E-V-E AI may reshape compliance into something more continuous and embedded in how organizations actually operate. In a galaxy full of rules and reports, this conversation lands on something simpler. When you understand the context, the rest starts to make sense.

🌍 THIS WEEK IN GRC NEWS — FROM AROUND THE WORLD . . . From card surcharge enforcement and quantum computing scrutiny to digital regulation, cybersecurity coordination, and deepfake awareness, the global GRC landscape continues to evolve rapidly . . . Stay informed with This Week in Governance, Risk Management & Compliance News from your trusted source GRC Report. This week’s edition is sponsored by Optro. 👇👇👇 The full news edition is linked below 👇👇👇 COMPLIANCE & ETHICS 🇦🇺 Hyatt changed its card surcharge practices in Australia following an ACCC investigation into whether customers were being charged improperly for card payments. RISK & RESILIENCE 🇮🇹 Italy’s competition authority has launched a market investigation into quantum computing, opening a new phase of regulatory attention on next-generation technologies and emerging market dynamics. IT SECURITY & PRIVACY 🇪🇺 At a Brussels conference this week, European regulators warned that as the EU digital rulebook expands, cooperation across authorities and stakeholders cannot be optional. 🇪🇺 Brussels also advanced its cybersecurity agenda as privacy regulators reinforced guardrails through support for the European Commission’s proposed Cybersecurity Act 2 and related amendments. AI GOVERNANCE 🇪🇸 Spain’s data protection authority launched a new deepfake awareness initiative, highlighting the growing need for responsible AI use, public education, and digital trust. MANAGEMENT DISCUSSIONS 📘 Optro: Harness AI to create a connected GRC system explores how organizations are rethinking GRC through AI, not simply as a layer of automation, but as a way to fundamentally change how risk is understood, connected, and managed across the enterprise. 👇👇👇 The full news edition is linked below 👇👇👇 💬 Have a question? Ask GRC 20/20 Research how these developments impact your organization. _____________ 🪐 GRC 20/20 Research maps and monitors the ever-expanding GRC galaxy — now tracking 1,500+ solutions and the professional services orbiting them — reach out to GRC 20/20 Research for insight into GRC-related solutions & professional services that best fit your organization's needs 📡 Follow GRC Report for news and expert insights on governance, risk management and compliance around the world 🎙️ Tune into the podcasts → Risk Is Our Business Podcast & Hitchhiker's Guide to the GRC Technology Galaxy Podcast

We identified an error in a headline from Tuesday’s report tied to an older source being incorrectly referenced during research. A correction is being issued tomorrow, and we’re reviewing our process to ensure it doesn’t happen again. We appreciate those who flagged it. #Correction #Journalism #GRC #Compliance

The EU’s competition chief Teresa Ribera says a decision on whether Google breached the Digital Markets Act is coming soon, as she heads into a high-stakes week of meetings with leaders from Google, Meta, OpenAI, and Amazon. With mounting pressure from industry groups, ongoing investigations into AI-driven search and platform practices, and parallel scrutiny in the U.S., the outcome could shape how digital markets are governed on both sides of the Atlantic and signal how aggressively regulators intend to enforce the DMA in practice. Read More: https://lnkd.in/gPrXurmU #DigitalMarketsAct #DMA #BigTech #Antitrust #CompetitionLaw #AIRegulation #TechPolicy #DataGovernance #EURegulation #GRC #RiskManagement #Compliance

In this episode of Risk Is Our Business, Captain Michael Rasmussen is joined by Karan S Rao, MBA, CRISC, CISA, Head of Enterprise Risk at Embark Student Corp., for a conversation that started not in a boardroom but on LinkedIn. A post from Karan caught Michael’s attention on how the best risk managers aren’t the ones with the most complex models, but the ones who can walk into a room, read the people, interrogate the data, and explain risk so clearly that action becomes unavoidable. From there, the discussion dives into the human side of risk. They explore why understanding behavior is just as important as understanding data, and why the ability to communicate, write, and present with clarity separates those who inform from those who influence. Risk leaders, they argue, don’t hide behind dashboards, they translate insight into decisions. They also discuss the importance of developing skills that compound over time: communication, storytelling, emotional intelligence, and business understanding. Karan shares how ideas from Atlas of the Heart shape his approach to risk leadership, helping him connect emotion, clarity, and decision-making in high-stakes environments. This episode is about moving risk from a reporting function to a leadership discipline, one where the ability to engage the room matters just as much as the data on the screen.