Digital Compliance and Cybersecurity: an IT and Legal Investigation

Arianna Maceratini
2025-01-01

Abstract

Private companies are moving toward deeper digitisation because new technologies offer clear advantages, but this also increases their exposure to cybersecurity risks. Cybersecurity today must be understood as a complex and layered concept. It cannot be ensured through technology alone because no hardware or software can guarantee complete protection. This is especially clear when assessing the risks of artificial intelligence systems, where uncertainty must be treated as a probabilistic aspect of systemic vulnerability. Since no system is perfect, effective safeguards must also reflect the social values that the legal system protects. These issues show how closely IT security and corporate compliance are connected: both depend on internal processes that include methodological, organisational and legal-economic elements. So, a risk-based approach, promoted, for example, by the EU through the 2024 AI Act, supports a modern view of compliance in which a company safeguards legality by strengthening its entire organisational structure. Legally relevant assets can be threatened not only by external attacks but also by internal failures. This makes best practices and strong cross-departmental organisation essential, not just IT measures. Corporate cybersecurity policies are deeply tied to both general and specific compliance principles for the use of digital tools. This creates the need for a holistic approach and to manage cyber issues through compliance methods: in this way, cybersecurity becomes a true business matter and cyber risk becomes part of enterprise risk management.
2025
979-13-7006-130-2
Files in this item:

File: A. Maceratini, Digital Compliance.pdf
Access: open access
Description: Contribution in volume
Type: Publisher's version (published version with the publisher's layout)
Licence: Creative Commons
Size: 1.18 MB
Format: Adobe PDF

Use this identifier to cite or link to this document: https://hdl.handle.net/11393/367070