SpotON – our blog around digital compliance in enterprises
SpotON – Digital Compliance
Read here regularly on selected topics, developments and news from the areas:
SAM & Cloud – use software legally compliant and cost-effective
IT Security & Threat Intelligence – protect the IT landscape effectively
Data & Digitization – manage digital assets across the lifecycle
Complion Insights – look behind the scenes of digital compliance consultants
07/07/2026
A ruling on the structure of U.S. government agencies brings down the EU-U.S. data agreement
At first glance, a dispute over the dismissal of an FTC commissioner seems to have little to do with data protection. But upon closer inspection, the U.S. Supreme Court has thereby removed the pillar on which the entire legal basis for data transfers from the EU to the U.S. rests.
SAP Is Always Evolving—Companies Must Take the Initiative!
SAP is accelerating the pace of change: artificial intelligence, portfolio shifts, cloud migration, new support models, data platforms, and usage-based licensing models are gradually transforming the operational, contractual, and cost models of many customers.
The Cloud Act, the Patriot Act, data transfers to third countries: Anyone who hosts their Office infrastructure with U.S. providers relinquishes a significant portion of their digital sovereignty. For companies in regulated industries, for public administration, and for any organization handling sensitive data, this poses a compliance risk.
AI-Based vulnerability discovery in the age of Anthropic, Mythos, and others: A turning point or just a fleeting trend?
The use of AI-based systems is steadily increasing. This applies not only to businesses but also to individuals, threat actors, and researchers. Anthropic recently made a particularly strong impression with announcements surrounding its latest AI model, Mythos. “Too dangerous for the public,” the media headlined.
The tool certainly seems efficient, as it finds 27-year-old security holes in OpenBSD, hundreds of vulnerabilities in Firefox, and countless bugs in the Linux kernel.
Does this now spell the end of software security in enterprises? Are we even facing a paradigm shift – or just a hyped-up trend?
More AI, More Control, More Costs: What’s Behind Microsoft 365 E7
With the new Microsoft 365 E7, Microsoft introduced the first new enterprise licensing tier since the launch of E5 in 2015. Officially, Microsoft calls the package “The Frontier Suite”—and the name alone makes it quite clear where the journey is headed: more AI, more automation, and an even stronger tie to the Microsoft ecosystem.
Project Report: DORA Contract Compliance Implementation
The Digital Operational Resilience Act (DORA) requires financial institutions, effective January 17, 2025, to enforce new minimum contractual requirements for ICT (Information and Communication Technology) contracts with their ICT service providers. The topic of DORA has been with me since the start of my career. My project team and I were commissioned by a German financial institution to ensure its DORA contractual compliance. Based on this project experience, I would like to report in this article on our approach to the project and the insights we gained.
Communities are at the heart of modern software asset management
Those who rely solely on tools and processes in software asset management lose sight of the most important thing: people. Software asset management is no longer an IT niche but a company-wide governance discipline with a variety of specialized roles: from the SAM manager and the license manager to interfaces with procurement, controlling/finance, and IT. Only through the collaboration of all stakeholders can license-compliant and economically efficient software usage be achieved.
The Crisis as a Wake-up Call – Digital Sovereignty and the Software Supply Chain
Part 1 of the series addressed Europe’s digital dependence on non-European providers and how the flagship GAIA-X project has done little to change this. The second part focuses on open-source software and specific initiatives that can serve as alternatives to major software products in areas where Europe’s dependence is particularly acute.
Active Listening—The Underestimated Superpower of Consulting
Many who enter the management consulting field are familiar with the situation: The first interview with a business unit is coming up. You’ve prepared well, read background material, and jotted down potential questions. It’s precisely in situations like these that something interesting often happens. While the interviewer is still explaining, the analysis begins in your own mind: What are the challenges? What approach might work?
Born in 1982 in the beautiful state of Mecklenburg-Western Pomerania, I’m a photography enthusiast in my free time. I prefer books to TV, the sound of vinyl records to MP3s, and cats to… no, I like dogs just as much! Today, I live with my wife in Hanover, and yes, I try to keep my High German accent despite working in Cologne!
AI-Powered Cyberattacks: Trends in an Evolving Threat Landscape
Generative AI has already significantly transformed the threat landscape, not only in terms of the speed and scale of attacks, but also in their sophistication. CrowdStrike recorded an 89% increase in cyberattacks by threat actors using AI in 2025. (CrowdStrike Global Threat Report 2026)
What Makes Our Team Tick: 5 Reasons Why You'll Feel Right at Home Here
Technical skills can be developed. But whether you look forward to opening your laptop or coming into the office in the morning depends on something else: the team.
Wondering what makes working at Complion special? The following 5 reasons show you why you’ll feel right at home with us from day one.