SpotON – our blog on digital compliance in enterprises
SpotON – Digital Compliance
Read regularly about selected topics, developments and news from the following areas:
SAM & Cloud – use software in a legally compliant and cost-effective way
IT Security & Threat Intelligence – protect the IT landscape effectively
Data & Digitization – manage digital assets across the lifecycle
Complion Insights – look behind the scenes of digital compliance consultants
16/06/2026
AI-Based vulnerability discovery in the age of Anthropic, Mythos, and others: A turning point or just a fleeting trend?
The use of AI-based systems is steadily increasing. This applies not only to businesses but also to individuals, threat actors, and researchers. Anthropic recently made a particularly strong impression with announcements surrounding its latest AI model, Mythos. “Too dangerous for the public,” the media headlined.
The tool certainly seems efficient, as it finds 27-year-old security holes in OpenBSD, hundreds of vulnerabilities in Firefox, and countless bugs in the Linux kernel.
Does this now spell the end of software security in enterprises? Are we even facing a paradigm shift – or just a hyped-up trend?
More AI, More Control, More Costs: What’s Behind Microsoft 365 E7
With the new Microsoft 365 E7, Microsoft introduced the first new enterprise licensing tier since the launch of E5 in 2015. Officially, Microsoft calls the package “The Frontier Suite”—and the name alone makes it quite clear where the journey is headed: more AI, more automation, and an even stronger tie to the Microsoft ecosystem.
Project Report: DORA Contract Compliance Implementation
The Digital Operational Resilience Act (DORA) requires financial institutions, effective January 17, 2025, to enforce new minimum contractual requirements for ICT (Information and Communication Technology) contracts with their ICT service providers. The topic of DORA has been with me since the start of my career. My project team and I were commissioned by a German financial institution to ensure its DORA contractual compliance. Based on this project experience, I would like to report in this article on our approach to the project and the insights we gained.
Communities are at the heart of modern software asset management
Those who rely solely on tools and processes in software asset management lose sight of the most important thing: people. Software asset management is no longer an IT niche but a company-wide governance discipline with a variety of specialized roles: from the SAM manager and the license manager to interfaces with procurement, controlling/finance, and IT. Only through the collaboration of all stakeholders can license-compliant and economically efficient software usage be achieved.
The Crisis as a Wake-up Call – Digital Sovereignty and the Software Supply Chain
Part 1 of the series addressed Europe’s digital dependence on non-European providers and how the flagship GAIA-X project has done little to change this. The second part focuses on open-source software and specific initiatives that can serve as alternatives to major software products in areas where Europe’s dependence is particularly acute.
Active Listening—The Underestimated Superpower of Consulting
Many who enter the management consulting field are familiar with the situation: The first interview with a business unit is coming up. You’ve prepared well, read background material, and jotted down potential questions. It’s precisely in situations like these that something interesting often happens. While the interviewer is still explaining, the analysis begins in your own mind: What are the challenges? What approach might work?
Born in 1982 in the beautiful state of Mecklenburg-Western Pomerania, I’m a photography enthusiast in my free time. I prefer books to TV, the sound of vinyl records to MP3s, and cats to… no, I like dogs just as much! Today, I live with my wife in Hanover, and yes, I try to keep my High German accent despite working in Cologne!
AI-Powered Cyberattacks: Trends in an Evolving Threat Landscape
Generative AI has already significantly transformed the threat landscape, not only in terms of the speed and scale of attacks, but also in their sophistication. CrowdStrike recorded an 89% increase in cyberattacks by threat actors using AI in 2025. (CrowdStrike Global Threat Report 2026)
What Makes Our Team Tick: 5 Reasons Why You'll Feel Right at Home Here
Technical skills can be developed. But whether you look forward to opening your laptop or coming into the office in the morning depends on something else: the team.
Wondering what makes working at Complion special? The following 5 reasons show you why you’ll feel right at home with us from day one.
Critical Infrastructure (KRITIS) umbrella law 2026: What operators need to know now
The KRITIS umbrella law (KRITIS-DachG) was passed by the German Bundestag on January 29, 2026, and transposes the EU CER Directive (EU) 2022/2557 on the physical resilience of critical facilities into German law. In terms of content, it is clearly distinct from the "classic" KRITIS requirements for IT security (BSI Act/KRITIS Regulation): The umbrella law primarily addresses physical threats, operational and organizational resilience, not pure cybersecurity.
At the same time, there is a risk of confusion: in practice, operators will have to neatly interlink two strands of regulation in the future (physical/organizational vs. cyber/IT). This article provides an overview, highlights typical obligations, and outlines concrete next steps.
Our company consists of people, and we want to introduce them to you. Today we are talking to Senem Sünger. We find out what COMPLION means to her, what her daily tasks are, and what she does when she is not working on customer projects.
Software suppliers today have a strong negotiating position—whether they are hyperscalers, SaaS providers, or traditional on-premise manufacturers. Contracts and licensing models are often deliberately designed to be complex in order to retain customers in the long term or generate additional revenue.