Real talk for a second. I've been having the same conversation over and over with people in this community, and it goes something like this: Me: "Have you mapped your AI systems against the EU AI Act's high-risk categories?" Them: "The what?" If that's you - no judgment. You are actually ahead of most professionals just by being in this community. But I want to make sure we're all on the same page, because the August 2026 deadline is going to catch a LOT of companies flat-footed. (assuming they don't change that deadline date) So here's the cliff notes version. Save this post. Come back to it. 📌 THE 8 HIGH-RISK CATEGORIES If your company uses AI for any of these, the EU AI Act applies: 1. Biometric ID (facial recognition, emotion detection) 2. Critical infrastructure (utilities) 3. Education (grading, admissions) 4. Employment (hiring, promotions, monitoring) 5. Essential services (credit, insurance, benefits) 6. Law enforcement (predictive policing) 7. Migration/asylum (visa risk) 8. Justice (case prediction) 📌 THE 6 THINGS YOU MUST DO If you're in scope, you owe regulators: ✓ Risk assessments ✓ Data quality + governance ✓ Technical documentation ✓ Human oversight ✓ Transparency + explainability ✓ Registration in an EU database 📌 WHY THIS MATTERS FOR YOUR CAREER Look - I'm not trying to scare you. I'm trying to wake you up. When GDPR hit in 2018, the people who had built compliance expertise BEFORE the deadline became the most valuable hires of that decade. Companies were desperate. Consultants charged whatever they wanted. The same thing is about to happen with AI GRC. The professionals who can classify systems correctly, build compliance programs, and document evidence for regulators are going to be the ones running these functions by next year. That's the opportunity in this room. 📌 ACTION STEPS THIS WEEK If you want to actually do something with this: → Pick ONE of the 8 categories closest to your industry → Spend 30 minutes reading the actual Article in the AI Act (free online)

Our Cyber Pros Training be cohort of the AI GRC Practitioner Program: https://cy-ber.pro/ai-grc-practitioner had the opportunity to learn directly from Gorkem Cetin, co-founder of VerifyWise, for a special session on AI governance in practice. Dr. Gorkem shared the story behind why VerifyWise was founded, the real-world gaps it was built to address, and why AI governance needs to move beyond theory, frameworks, and policy documents. A big thank-you to Dr. Gorkem and the VerifyWise team for joining our cohort and sharing both the “why” behind the platform and the practical side of how AI governance gets done. #AIGovernance #AIGRC #RiskManagement #Compliance #CyberPros #VerifyWise #ResponsibleAI #AICompliance #GovernanceRiskCompliance

Hi @François B. Arthanas I passed my Certified Security. SO i have my security +, Net+ now I am working on the Cysa+

I talked to a friend of mine does internal auditor yesterday who said: "I audit IT controls all day. How is AI governance different?" My answer: AI systems fail in ways traditional IT systems don't. Traditional IT failure: Server goes down → you lose availability Database gets breached → you lose confidentiality AI system failure: Model makes biased hiring decisions → you face discrimination lawsuits Chatbot hallucinates legal advice → you are liable for damages Pricing algorithm violates fair lending laws → regulators fine you millions The governance challenge isn't just "Is the system secure and available?" It's: "Is the training data representative?" "Can we explain why the model made that decision?" "What's our recourse when the AI screws up?" This is why AI governance is its own discipline and WHY internal auditors with traditional IT skills need to be upskilling.

But not "write code" technical. NO. I'm talking about the "Ask the right questions" technical. MEASURE = assessing and benchmarking AI risks. It covers 4 categories: →Risk Measurement: How do we quantify AI risk? →Validation: Is the model performing as expected? →Testing & Evaluation: Have we tested for bias, security, robustness? →Documentation: Can we explain our testing methodology? If you are a Governance, Risk & Compliance (GRC) professional, you already know how to measure risk. You've built risk heat maps, scored likelihood/impact, and tracked KRIs. The difference with AI? You need to ask data science teams questions like: "What metrics are you using to measure model accuracy?" "Have you tested for disparate impact across protected classes?" "What's your false positive/false negative rate, and is that acceptable?" "How do you monitor for model drift in production?" These aren't technical questions. They're governance questions applied to AI. Where are you in your AI Governance journey? See you in the comment section.