SpotON – our blog on digital compliance in enterprises
SpotON – Digital Compliance
Read regular posts here on selected topics, developments and news from the following areas:
SAM & Cloud – use software in a legally compliant and cost-effective way
IT Security & Threat Intelligence – protect the IT landscape effectively
Data & Digitization – manage digital assets across the lifecycle
Complion Insights – look behind the scenes of digital compliance consultants
27/05/2026
More AI, More Control, More Costs: What’s Behind Microsoft 365 E7
With the new Microsoft 365 E7, Microsoft introduced the first new enterprise licensing tier since the launch of E5 in 2015. Officially, Microsoft calls the package “The Frontier Suite”—and the name alone makes it quite clear where the journey is headed: more AI, more automation, and an even stronger tie to the Microsoft ecosystem.
Project Report: DORA Contract Compliance Implementation
The Digital Operational Resilience Act (DORA) requires financial institutions, effective January 17, 2025, to enforce new minimum contractual requirements for ICT (Information and Communication Technology) contracts with their ICT service providers. The topic of DORA has been with me since the start of my career. My project team and I were commissioned by a German financial institution to ensure its DORA contractual compliance. Based on this project experience, I would like to report in this article on our approach to the project and the insights we gained.
Communities are at the heart of modern software asset management
Those who rely solely on tools and processes in software asset management lose sight of the most important thing: people. Software asset management is no longer an IT niche but a company-wide governance discipline with a variety of specialized roles: from the SAM manager and the license manager to interfaces with procurement, controlling/finance, and IT. Only through the collaboration of all stakeholders can license-compliant and economically efficient software usage be achieved.
The Crisis as a Wake-up Call – Digital Sovereignty and the Software Supply Chain
Part 1 of the series addressed Europe’s digital dependence on non-European providers and how the flagship GAIA-X project has done little to change this. The second part focuses on open-source software and specific initiatives that can serve as alternatives to major software products in areas where Europe’s dependence is particularly acute.
Active Listening—The Underestimated Superpower of Consulting
Many who enter the management consulting field are familiar with the situation: The first interview with a business unit is coming up. You’ve prepared well, read background material, and jotted down potential questions. It’s precisely in situations like these that something interesting often happens. While the interviewer is still explaining, the analysis begins in your own mind: What are the challenges? What approach might work?
Born in 1982 in the beautiful state of Mecklenburg-Western Pomerania, I’m a photography enthusiast in my free time. I prefer books to TV, the sound of vinyl records to MP3s, and cats to… no, I like dogs just as much! Today, I live with my wife in Hanover, and yes, I try to keep my High German accent despite working in Cologne!
AI-Powered Cyberattacks: Trends in an Evolving Threat Landscape
Generative AI has already significantly transformed the threat landscape, not only in terms of the speed and scale of attacks, but also in their sophistication. CrowdStrike recorded an 89% increase in cyberattacks by threat actors using AI in 2025. (CrowdStrike Global Threat Report 2026)
What Makes Our Team Tick: 5 Reasons Why You'll Feel Right at Home Here
Technical skills can be developed. But whether you look forward to opening your laptop or coming into the office in the morning depends on something else: the team.
Wondering what makes working at Complion special? The following 5 reasons show you why you’ll feel right at home with us from day one.
Critical Infrastructure (KRITIS) umbrella law 2026: What operators need to know now
The KRITIS umbrella law (KRITIS-DachG) was passed by the German Bundestag on January 29, 2026, and transposes the EU CER Directive (EU) 2022/2557 on the physical resilience of critical facilities into German law. In terms of content, it is clearly distinct from the "classic" KRITIS requirements for IT security (BSI Act/KRITIS Regulation): The umbrella law primarily addresses physical threats, operational and organizational resilience, not pure cybersecurity.
At the same time, there is a risk of confusion: in practice, operators will have to neatly interlink two strands of regulation in the future (physical/organizational vs. cyber/IT). This article provides an overview, highlights typical obligations, and outlines concrete next steps.
Our company consists of people, and we want to introduce them to you. Today we are talking to Senem Sünger. We find out what COMPLION means to her, what her daily tasks are, and what she does when she is not working on customer projects.
Software suppliers today have a strong negotiating position—whether they are hyperscalers, SaaS providers, or traditional on-premise manufacturers. Contracts and licensing models are often deliberately designed to be complex in order to retain customers in the long term or generate additional revenue.
Cybersecurity in the context of geopolitical changes: From protecting critical infrastructure to tool dependencies
From the perspective of a security analyst, whether cyber or otherwise, the year 2026 began with a bang. The US military's access to Venezuelan President Nicolás Maduro shook the world and raised many questions and several causes for concern. It is now confirmed that the US interprets international law in its own way to protect its interests. The possible use of previously unknown cyber capabilities by the US means that this kidnapping case is forcing operators of critical infrastructure in other countries to examine their own resilience.