For IT managers in public institutions, universities and companies, the year 2026 will not bring any radical innovations, but rather a consolidation of existing regulations - with concrete effects on everyday life. The AI Act, the NIS2 Implementation Act, eIDAS 2.0 and the Data Act will come into force and present organisations with new compliance requirements, particularly in the areas of artificial intelligence, cyber security, digital identities and data sovereignty.
As CTO of EGOTEC AG and the person responsible for our certified content management system egocms ("Software Made in Germany", "Software Hosted in Germany"), I would like to show you how you can not only master these challenges, but even use them as an opportunity - without restricting the flexibility of your digital processes.
AI regulation according to the AI Act
Transparency is not an option, but a duty
From 2 August 2026, the key provisions of the EU AI Act will apply, including strict transparency obligations for high-risk AI systems such as chatbots, automated translations or content generation. The current legal dispute between GEMA and OpenAI is particularly relevant here, in which a Munich court ruled that the training of language models with copyrighted content without sufficient documentation or technical protective measures against "memorisation" is inadmissible. For you as a user of AI tools, this means that you must be able to prove which data your AI systems process - and ensure that no copyright-protected content is reproduced in an uncontrolled manner.
How egocms takes the burden off you
Our RAG-based chatbot solution (Retrieval Augmented Generation) relies on local data sources and avoids precisely these risks. Instead of relying on opaque, externally trained models, the chatbot - as in the reference project with the Neckar-Odenwald district - only accesses your own, controlled content.
This has two advantages:
- Legal certainty
  By restricting access to your media database and clearly defined sources (e.g. articles, PDFs, FAQs), the risk of unintentional copyright infringements is eliminated.
- Traceability
  Every AI-generated response or translation is automatically versioned and logged. This allows you to fulfil the documentation requirements of the AI Act without any manual effort.
Example
The chatbot of the city of Radebeul, hosted on lalamo.cloud and operated with llama3.1 on an efficient 20GB graphics card, shows how AI can enable transparent citizen communication - without dependence on US hyperscalers.
Our EGOCMS team will be happy to advise you
NIS2 and Cyber Resilience Act: security requirements become mandatory
With the NIS2 Implementation Act, the legislator is significantly expanding the group of affected companies. From 2026, not only critical infrastructures (KRITIS), but also public institutions, universities and medium-sized companies will have to fulfil reporting obligations for security incidents, risk management processes and minimum technical standards. Anyone who was not previously subject to the KRITIS regulations should check whether their own organisation is now classified as an "important" or "particularly important institution". The consequences of non-compliance are serious: in addition to fines, there is the threat of extended powers of intervention by the BSI and reputational damage.
How EGOCMS protects you
Software hosted in Germany
Our infrastructure meets the requirements for data localisation and protects against access by foreign authorities.
Integrated security features
EGOCMS automatically logs access, changes and suspicious activities - a basic requirement for incident reporting in accordance with NIS2.
Practical implementation
Use our granular rights management to restrict access to sensitive areas (e.g. patient or student data). Automatic logging provides you with the necessary evidence for authorities in the event of an emergency.
DSA, DMA and public procurement: "Buy European" as a strategic advantage
Platform regulation through the DSA and DMA leads to stricter transparency and due diligence obligations for large suppliers. At the same time, the EU is promoting the favouring of European solutions in tenders as part of its digital sovereignty strategy. For you as a decision-maker, this means:
- Open source strategies and data localisation will become tender criteria.
- US cloud providers could become harder to push through in tenders in future - a clear advantage for EGOCMS as a certified "Software Made in Germany" and "Software Hosted in Germany" solution.
Reference
The Neckar-Odenwald district deliberately opted for egocms to avoid dependencies on hyperscalers and at the same time benefit from modern AI features (such as the RAG chatbot).
Conclusion
2026 as the year to set the course - on the safe side with EGOCMS
The changes in IT law in 2026 are not an obstacle, but an opportunity to future-proof your digital processes. With EGOCMS, you can rely on a platform that combines compliance, accessibility and innovation - without compromising on user-friendliness.
Your next steps
- Check your AI applications for AI Act compliance - we will be happy to advise you on the integration of our RAG solution.
- Carry out an NIS2 audit and use our checklist for implementation.
Do you have any questions or would you like a personalised consultation?
Contact our EGOCMS team of experts
Together, we will make your digital infrastructure legally compliant, barrier-free and future-proof - in line with our philosophy: "Software Made in Germany" and "Software Hosted in Germany".