Table of Contents

Reach SOC 2 Compliance in 6 Weeks or Less.

  / ,

  / HIPAA vs GDPR: Key Differences & Dual Compliance Guide

HIPAA vs GDPR: Key Differences & Dual Compliance Guide

HIPAA and GDPR are the two most consequential data protection frameworks any healthcare or technology organisation is likely to encounter. They share a common purpose, protecting sensitive personal data, but they differ significantly in scope, enforcement mechanisms, and compliance obligations.

For organisations operating across the Atlantic, understanding where they align, where they clash, and how to satisfy both simultaneously is not optional. It is a legal necessity.

HIPAA vs GDPR

What Is HIPAA?

The Health Insurance Portability and Accountability Act was enacted by the U.S. Congress in 1996. Its original purpose was to modernise the flow of healthcare information and ensure the portability of health insurance coverage. Over time, it became primarily known for its data protection requirements, administered by the U.S. Department of Health and Human Services (HHS) and enforced by the Office for Civil Rights (OCR).

HIPAA is built around three core rules.

  • The Privacy Rule governs how Protected Health Information (PHI) may be used and disclosed.
  • The Security Rule sets standards for safeguarding electronic PHI (ePHI).
  • The Breach Notification Rule establishes mandatory reporting timelines when PHI is compromised.

Who Needs to Be HIPAA Compliant?

HIPAA applies to covered entities, healthcare providers, health plans, and healthcare clearinghouses, and to their business associates: any third-party organisation that handles PHI on their behalf. If you build software that processes patient data for a U.S. hospital, you are a business associate. If you store medical records in the cloud for an insurance company, you are a business associate. A Business Associate Agreement (BAA) is the formal contract that governs this relationship.

What Types of Data Does HIPAA Protect?

HIPAA protects Protected Health Information (PHI): any individually identifiable information relating to a person’s past, present, or future physical or mental health condition, the provision of healthcare, or the payment for healthcare.

This includes names, dates of birth, Social Security numbers, medical record numbers, and any data that could be used to identify a patient in connection with their health. Electronic PHI, the subset stored or transmitted digitally, is subject to the Security Rule’s additional technical requirements.

Reach SOC 2 Compliance in 6 Weeks or Less

Schedule Your Free SOC 2 Assessment Today

What Is GDPR?

The General Data Protection Regulation came into force across the European Union on 25 May 2018, replacing the 1995 Data Protection Directive. It is the world’s most comprehensive data privacy law, and its extraterritorial reach means it extends well beyond Europe’s borders. The GDPR is enforced by national Data Protection Authorities (DPAs) and coordinated at the European level by the European Data Protection Board (EDPB). Unlike HIPAA, GDPR is not sector-specific. It applies to any organisation processing the personal data of EU residents, regardless of industry.

Who Needs to Be GDPR Compliant?

Any organisation that processes the personal data of individuals located in the European Union, regardless of where the organisation is based. A U.S. hospital treating European patients, a SaaS company offering services to German users, or a health app collecting data from French residents all fall within GDPR’s scope. The regulation applies to both data controllers (organisations that determine how and why data is processed) and data processors (third parties that process data on a controller’s behalf).

What Types of Data Does GDPR Protect?

GDPR protects all personal data: any information relating to an identified or identifiable natural person. Health data is explicitly designated a special category under GDPR Article 9, commanding heightened protection alongside biometric data, genetic data, racial or ethnic origin, religious beliefs, and sexual orientation.

HIPAA vs GDPR: Key Differences at a Glance

FeatureHIPAAGDPR
JurisdictionUnited States onlyEU + extraterritorial reach
SectorHealthcare onlyAll sectors
Regulatory bodyHHS / OCRNational DPAs / EDPB
Data coveredPHI onlyAll personal data
Consent modelTreatment-based exceptionsExplicit consent required
Breach notification60 days (proposed: 72 hours)72 hours
Max fine$1.9M per violation category/year€20M or 4% of global turnover
DPO requiredNoSometimes
Right to erasureLimitedYes

Scope and Geographic Reach

HIPAA’s reach is defined by entity type: it applies to covered entities and business associates operating within the United States. Whether a patient holds EU citizenship is irrelevant to HIPAA jurisdiction. What matters is whether the organisation providing care or processing health data operates within the U.S. healthcare system.

GDPR’s reach is defined by the location of the data subject, not the organisation. Article 3 of the GDPR gives it explicit extraterritorial effect. If your organisation targets or monitors EU residents, GDPR applies, regardless of where you are headquartered, where your servers are located, or what industry you operate in.

Types of Data Protected: Personal Data vs Protected Health Information (PHI)

This is the sharpest structural difference between the two frameworks. HIPAA is focused exclusively on health data in the context of healthcare delivery or payment. GDPR covers all personal data, from email addresses and IP addresses to medical records and genetic profiles.

Health data under GDPR is a subset of the broader personal data category, not the totality of it. An organisation that is fully HIPAA-compliant may still be in violation of GDPR if it mishandles employee data, marketing data, or website analytics.

Legal Basis for Data Processing

GDPR requires organisations to identify a valid legal basis before processing any personal data. For health data, that typically means explicit consent or one of the specific derogations in Article 9(2), such as processing necessary for medical diagnosis or the provision of healthcare. This is a meaningful threshold; pre-ticked boxes, bundled consent, or vague terms of service do not meet GDPR’s standard.

HIPAA takes a different approach. It permits covered entities to use and disclose PHI for treatment, payment, and healthcare operations without obtaining patient consent. Authorisation is required only in specific circumstances, such as disclosures for marketing purposes or release of psychotherapy notes.

Important: GDPR’s explicit consent requirement creates real friction for U.S. healthcare organisations treating EU patients. A hospital cannot rely on its standard HIPAA-compliant intake forms to satisfy GDPR. The legal bases must be documented separately, and consent forms must meet the GDPR’s granularity requirements.

Regulatory Authority and Enforcement

HHS OCR is the primary HIPAA enforcer in the United States. OCR investigates complaints, conducts compliance reviews, and imposes civil monetary penalties. In serious cases, the Department of Justice (DOJ) handles criminal enforcement.

Under GDPR, enforcement sits with each EU member state’s national DPA. Ireland’s Data Protection Commission (DPC), France’s CNIL, and Germany’s BfDI are among the most active. The EDPB coordinates cross-border enforcement and issues binding guidelines, but individual DPAs investigate organisations and impose fines.

Consent Requirements

Under GDPR, consent must be freely given, specific, informed, and unambiguous. For special category data, including health data, it must be explicit. Individuals can withdraw consent at any time, and organisations must be able to demonstrate that it was validly obtained. Silence, pre-ticked boxes, or inactivity do not count.

HIPAA permits treatment, payment, and operations processing without patient consent. Authorisation is required for specific disclosures outside these standard permissions.

Data Breach Notification Requirements

Under current HIPAA rules, covered entities must notify affected individuals and HHS within 60 calendar days of discovering a breach. For breaches affecting 500 or more individuals in a state, media notification is also required. The HIPAA Breach Notification Rule permits smaller breaches to be reported on an annual basis. Importantly, the 2025 proposed HIPAA Security Rule overhaul would reduce this to 72 hours for large breaches, aligning HIPAA’s timeline with GDPR.

GDPR requires notification to the relevant supervisory authority within 72 hours of becoming aware of a breach, where that breach is likely to result in a risk to individuals’ rights. If the breach poses a high risk to those individuals, affected data subjects must also be notified directly, without undue delay.

Worth Knowing: GDPR’s 72-Hour Breach Notification Rule

Under GDPR, if you cannot provide all details within 72 hours, you can submit the notification in phases, but the clock does not pause while you investigate. Initial notification is required, with supplemental information to follow. Many organisations discover a breach and wait to notify until the investigation is complete; this approach routinely results in regulatory scrutiny.

Penalties and Fines

HIPAA penalties are tiered by culpability, ranging from $100 to $50,000 per violation, with a maximum annual cap of $1.9 million per violation category (updated for inflation in 2023). Criminal penalties, pursued by the DOJ, can reach $250,000 and 10 years’ imprisonment.

GDPR fines operate on a two-tier structure. Less severe violations carry fines up to €10 million or 2% of global annual turnover, whichever is higher. Violations of core principles, lawfulness of processing, data subject rights, transfers to third countries can trigger fines up to €20 million or 4% of global annual turnover. By early 2026, cumulative GDPR fines had exceeded €7.1 billion since the regulation came into force.

Data Protection Officer (DPO) Requirements

HIPAA does not require a Data Protection Officer. Covered entities are expected to designate a Privacy Officer and a Security Officer, but these are internal roles without the formal independence that GDPR mandates.

Under GDPR Article 37, certain organisations must appoint a DPO: public authorities, organisations engaged in large-scale systematic monitoring of individuals, and organisations processing special category data on a large scale. For healthcare SaaS vendors processing EU patient data at scale, this threshold is frequently met.

Privacy Rights and Data Subject Access

GDPR grants data subjects a comprehensive set of rights: access, rectification, erasure, restriction of processing, data portability, and the right to object. These must be responded to within one month in most cases, with a limited extension to three months for complex requests.

HIPAA grants patients the right to access their own PHI, request corrections, and receive an accounting of disclosures. These are meaningful rights, but narrower than GDPR’s framework. HIPAA does not, for instance, grant patients data portability in the GDPR sense, nor does it provide a general right to object to processing.

The Right to Be Forgotten: GDPR vs HIPAA

This is where the two frameworks create a genuine compliance conflict. Under GDPR Article 17, individuals can request erasure of their personal data under certain conditions. A European patient treated by a U.S. provider might, in principle, request deletion of all records relating to their treatment.

HIPAA, however, requires covered entities to retain medical records for at least six years from the date of creation or last use, whichever is later. Deleting records on request could place an organisation in HIPAA violation, even if refusing to delete them constitutes a GDPR violation.

Insider Note: Organisations caught between GDPR erasure requests and HIPAA retention requirements should document their legal basis for retaining the records and respond to the GDPR request explaining why erasure cannot be fulfilled. GDPR Article 17(3) includes an explicit carve-out for legal obligations requiring retention; this is the mechanism to rely on, but the documentation must be in place before the request arrives.

Reach SOC 2 Compliance in 6 Weeks or Less

Schedule Your Free SOC 2 Assessment Today

Similarities Between HIPAA and GDPR

Shared Data Protection Goals

Both HIPAA and GDPR exist to protect individuals from the misuse, exposure, or unauthorised access to sensitive personal data. They take different routes, one sector-specific and prescriptive, the other broad and principles-based, but the destination is the same: organisations must treat personal data with care, limit access to those who need it, respond to failures transparently, and maintain accountability for their data practices.

Access Controls and Security Measures

Both frameworks require appropriate technical and organisational safeguards. The HIPAA Security Rule requires covered entities to implement physical, technical, and administrative controls for ePHI. GDPR Article 32 requires “appropriate” technical and organisational measures, which in practice means access controls, authentication, encryption, and regular security testing. Neither regulation prescribes a specific technical architecture; both expect organisations to assess risk and implement proportionate controls.

Risk Assessment Requirements

Both HIPAA and GDPR require formal risk assessments. The HIPAA Security Rule requires covered entities to conduct an accurate and thorough assessment of risks and vulnerabilities to ePHI. GDPR’s Data Protection Impact Assessment (DPIA) requirement, triggered for high-risk processing activities, follows the same logic. Before deploying a new healthcare application processing EU patient data, a DPIA is not a best practice, it is mandatory.

Encryption and Data Security Standards

Neither regulation originally mandated encryption as an absolute requirement. Both framed it as a control appropriate to the risk. The 2025 proposed HIPAA Security Rule update would make encryption required for ePHI in transit and at rest, eliminating the previous “addressable” flexibility. GDPR Article 32 cites encryption explicitly as an example of an appropriate security measure. The direction of travel under both frameworks is toward encryption as a baseline expectation.

GDPR vs HIPAA Compliance Requirements Explained

HIPAA Compliance Requirements Overview

HIPAA compliance centres on three rules.

  • The Privacy Rule governs permissible uses and disclosures of PHI, minimum necessary standards, and patient rights.
  • The Security Rule establishes technical, physical, and administrative safeguards for ePHI.
  • The Breach Notification Rule governs timelines and procedures when PHI is compromised.

Organisations demonstrate compliance through documented policies and procedures, regular risk assessments, employee training, access controls, audit logging, and Business Associate Agreements with all third parties handling PHI. There is no formal HIPAA certification; compliance is demonstrated through documentation and internal controls, which OCR evaluates during investigations and compliance reviews.

GDPR Compliance Requirements Overview

GDPR compliance requires organisations to: identify a lawful basis for each processing activity; maintain Records of Processing Activities (RoPA); implement data subject rights mechanisms across all relevant systems; appoint a DPO where required; complete DPIAs for high-risk processing; execute Data Processing Agreements (DPAs) with all processors; establish breach notification workflows; and address cross-border data transfer obligations using an approved mechanism such as Standard Contractual Clauses (SCCs) or the EU-U.S. Data Privacy Framework (DPF).

 

Can an Organization Be Subject to Both HIPAA and GDPR?

Yes, and this situation is increasingly common.

When Dual Compliance Is Required

A U.S. hospital actively marketing telemedicine services to patients in Europe triggers both regimes. A health-tech SaaS company selling software to EU hospitals and U.S. clinics must satisfy both. A global pharmaceutical company running clinical trials across the United States and the EU falls under both. The key question is: does the organisation handle PHI from U.S. covered entities, and does it also process personal data of EU residents?

Challenges of Achieving Dual Compliance

The most significant friction points are consent, retention, and the right to erasure. GDPR demands explicit consent as the legal basis for health data processing in many contexts; HIPAA permits processing without consent for treatment and operations. GDPR grants the right to erasure; HIPAA mandates six-year retention. GDPR requires 72-hour breach notification; HIPAA currently allows 60 days (though the proposed rule would close this gap). Each of these conflicts requires deliberate resolution, not a single document that attempts to satisfy both simultaneously.

Tips for Meeting Both HIPAA and GDPR Requirements

Use GDPR’s stricter requirements as the floor wherever the standards diverge. Implement 72-hour breach notification regardless of which framework technically applies. Treat all patient data as requiring explicit consent, even where HIPAA permits treatment-based exceptions. Use both a BAA and a DPA with processors handling data subject to both frameworks; these are different agreements serving different legal purposes. Document the retention justification clearly for any records that cannot be erased on GDPR request, invoking HIPAA’s retention obligation as the legal basis under GDPR Article 17(3).

Pro Tip: Map your Data Flows

Map your data flows against both frameworks simultaneously, rather than sequentially. A single data inventory annotated against HIPAA's PHI definition and GDPR's personal data categories will surface the exact points of overlap and conflict, and it is far easier to build controls around those collision points upfront than to retrofit them after a dual-framework audit.

HIPAA vs GDPR: Cloud and Healthcare IT Considerations

Cloud Provider Requirements Under GDPR

Under GDPR, cloud providers acting as data processors must execute a Data Processing Agreement with their clients. The DPA must specify the nature and purpose of processing, the categories of data and data subjects involved, the duration of processing, and the obligations and rights of the controller. Cloud providers must also support data subject rights requests and notify controllers of breaches without undue delay. For data stored or processed outside the EU, the appropriate transfer mechanism, SCCs, the DPF, or Binding Corporate Rules, must be in place.

Cloud Provider Requirements Under HIPAA

Under HIPAA, a cloud service provider storing or processing ePHI is a business associate, regardless of whether it can actually view or access that data. The covered entity or business associate must execute a BAA with the cloud provider. The Security Rule’s requirements apply in full: access controls, transmission security, audit controls, and integrity controls. AWS, Microsoft Azure, and Google Cloud all offer HIPAA-eligible service tiers with associated BAA templates.

Business Associate Agreements vs GDPR Data Processing Agreements

A BAA and a DPA serve analogous purposes, establishing terms under which a third party handles protected data, but they are distinct documents with different legal requirements. A BAA is tailored to HIPAA: it governs permissible uses and disclosures of PHI, requires appropriate safeguards, and mandates breach reporting. A DPA is tailored to GDPR Article 28: it covers processing instructions, security measures, sub-processor management, support for data subject rights, and audit rights. For organisations subject to both frameworks, both agreements are required with every relevant processor.

Reach SOC 2 Compliance in 6 Weeks or Less

Schedule Your Free SOC 2 Assessment Today

2025–2026 Regulatory Updates: What Has Changed?

Recent HIPAA Security Rule Updates

In January 2025, HHS published a comprehensive Notice of Proposed Rulemaking to overhaul the HIPAA Security Rule, the first major update since 2013. The proposals would eliminate the distinction between “required” and “addressable” implementation specifications, making every specification mandatory. Encryption of ePHI at rest and in transit would become explicitly required, as would multi-factor authentication (MFA) for all systems involving ePHI. Covered entities would also need to maintain a written technology asset inventory and network map, updated at least annually.

The proposed rule would reduce the breach notification timeline for large breaches (500 or more individuals) from 60 days to 72 hours. The OCR confirmed finalization remains on its regulatory agenda for mid-2026, with a 240-day compliance period following final publication. Healthcare IT teams should treat the proposed changes as directionally final and begin gap assessments now.

Recent GDPR Enforcement Developments

GDPR enforcement has accelerated substantially since 2023. By early 2026, cumulative fines exceeded €7.1 billion. In 2025 alone, regulators issued approximately €1.2 billion in fines. Ireland’s DPC fined TikTok €530 million for unlawfully transferring EU user data to China. France’s CNIL issued a €325 million fine against Google across its entities. The EDPB’s 2025 coordinated enforcement action focused on the right to erasure, with 32 supervisory authorities participating and over 760 controllers investigated.

The EDPB has also clarified that large language models and AI systems rarely meet GDPR’s standards for anonymisation, placing any AI tool processing EU patient data squarely within scope. The EU AI Act’s August 2026 compliance deadline for high-risk AI systems introduces an additional compliance layer for healthcare AI vendors already navigating GDPR obligations.

Worth Knowing: The 2025 HIPAA Security Rule NPRM

The 2025 HIPAA Security Rule NPRM also proposes requirements for business continuity and disaster recovery planning, including annual testing of contingency plans. For healthcare IT teams, this significantly raises the bar for operational resilience.

In Summary

HIPAA and GDPR approach data protection from different angles. HIPAA is narrowly focused on the healthcare sector, U.S. jurisdiction, and specific entity types, with detailed prescriptions for PHI safeguards. GDPR is broadly focused, with a near-universal jurisdictional reach, all personal data, with principles-based obligations designed to scale across industries and technologies.

Where they overlap, as they do for any organisation handling health data on both sides of the Atlantic, GDPR’s requirements tend to be stricter in most dimensions. The practical path to dual compliance is not to find a single framework that satisfies both, but to understand their differences precisely enough to address each on its own terms, and to build controls that can satisfy both simultaneously where the standards permit.

Frequently Asked Questions (FAQ) About HIPAA vs GDPR

Is GDPR Stricter Than HIPAA?

In most respects, yes. GDPR’s maximum fine, up to 4% of global annual turnover, significantly exceeds HIPAA’s $1.9 million annual cap per violation category. GDPR’s consent requirements are more demanding, its data subject rights framework is broader, and its scope extends across all sectors and industries. HIPAA is more prescriptive in its specific technical requirements for healthcare entities, but GDPR’s overall compliance burden is typically greater for organisations subject to both frameworks.

No. HIPAA applies to covered entities and business associates operating within the United States. The nationality of the patient is irrelevant to HIPAA jurisdiction. A French citizen receiving treatment at a New York hospital has their health data protected by HIPAA, but that fact does not trigger GDPR for the hospital; only the organisation’s deliberate conduct toward EU residents in the EU context would do that.

Yes, if it actively offers services to or monitors EU residents. A hospital marketing telemedicine services in Europe, maintaining a website in European languages, or accepting payments in euros is likely within GDPR’s extraterritorial scope under Article 3. Any organisation with deliberate commercial activity directed at EU residents should assess GDPR applicability carefully.

HIPAA is sector-specific (healthcare) and jurisdiction-specific (United States). GDPR is sector-agnostic and applies wherever EU residents’ personal data is processed. HIPAA protects only PHI; GDPR protects all personal data, with health data as a special category commanding heightened protection. GDPR’s scope is broader by design.

Current HIPAA rules require notification within 60 calendar days of discovering a breach, with media notification for large-scale incidents. The proposed 2025 HIPAA Security Rule update would require large breaches to be reported to HHS within 72 hours. GDPR requires supervisory authority notification within 72 hours of becoming aware of a breach, with no minimum size threshold, and requires direct notification to affected individuals when the breach poses a high risk to their rights.

The penalties stack. A U.S. healthcare organisation suffering a breach that affects both U.S. patients and EU residents could face HIPAA civil monetary penalties from OCR and GDPR fines from the relevant DPA simultaneously. These are independent enforcement actions, pursued by separate authorities under separate legal frameworks. There is no mechanism for offsetting one penalty against the other.

SaaS companies are business associates under HIPAA if they handle ePHI on behalf of covered entities, regardless of how the service is branded or whether the company identifies as a healthcare company. They are data processors under GDPR if they process personal data on behalf of EU data controllers. In both cases, the appropriate agreement (BAA for HIPAA, DPA for GDPR) is required, and appropriate security controls must be in place. SaaS companies serving healthcare clients globally will routinely need to satisfy both frameworks simultaneously.

No. They share a common value, protecting individuals’ sensitive data, but differ fundamentally in scope, legal mechanisms, enforcement, and the rights they confer. HIPAA compliance does not constitute GDPR compliance, and GDPR compliance does not exempt an organisation from HIPAA requirements. For organisations operating under both frameworks, the only compliant path is to address each on its own terms while identifying practical efficiencies where they genuinely overlap.

Axipro Author

Picture of Pedro Dias

Pedro Dias

Pedro has been writing online for over 10 years. With experience in all things programming, cyber security, and compliance, he is our editor-in-chief at Axipro.

Blog Highlights

Explore More Articles

One in five organizations has already suffered a breach traced back to shadow AI. Meanwhile, 63% of breached organizations either have no AI governance policy at all or are still drafting one. Below is a complete, copy-ready shadow AI policy template with twelve sections, plus guidance on adapting it for your company size, your industry, and the regulatory frameworks you answer to. The template assumes one hard truth up front: your employees are already using unapproved AI tools. A policy that pretends adoption hasn’t started yet fails on day one, so this one starts from the assumption that it has. What Is a Shadow AI Policy? A shadow AI policy is a formal document that defines how your organization discovers, evaluates, approves, and governs AI tools that employees adopt outside official IT channels. The term borrows from shadow IT, the older problem of unsanctioned software and hardware, but the AI version carries sharper risks: data pasted into a public model may be retained, used for training, or exposed in ways the organization can’t reverse. The policy does three jobs: it separates approved use from unapproved use, gives employees a fast and visible way to request new tools so the sanctioned route beats the workaround, and spells out what happens when someone crosses the line, including how the organization detects it and responds. Shadow AI Policy vs. General AI Acceptable Use Policy Many organizations already have an AI acceptable use policy (AUP) and assume it covers shadow AI. It usually doesn’t. An AUP tells employees how to behave inside approved tools. A shadow AI policy governs the tools themselves: which ones exist in your environment, which ones are allowed, and what happens with the rest. You need both. The AUP handles conduct; the shadow AI policy handles inventory and control. If you only have room for one document, fold the AUP’s data-handling rules into Section 6 of the template below. Let Axipro help you build a business continuity plan that’s practical, compliant, and audit-ready. Strengthen Your Business Continuity Strategy​ Schedule A Consultation The Shadow AI Policy Template (Download Link and Copy-Ready Sections) We’ve created a compliance safe template for Shadow AI Policy, use the link below to create a copy and customize for your company: Download The Shadow AI Policy Template → Copy the sections below into your policy management system and replace the bracketed placeholders. The language is plain on purpose. Legalese gets skimmed. Section 1: Purpose and Scope This policy governs the acquisition, approval, and use of artificial intelligence tools, features, and services at [Company]. It applies to all employees, contractors, interns, and third parties with access to [Company] systems or data. It covers standalone AI applications, AI features embedded in existing software, browser extensions, AI agents, APIs, and personal AI accounts used for work purposes, on both corporate and personal devices. The purpose of this policy is to enable productive AI use while protecting [Company] data, customers, and legal obligations. This policy does not prohibit AI. It prohibits ungoverned AI. That last sentence matters. Employees read the purpose statement first, and it decides whether they see the policy as an enabler or a blocker. Section 2: Definitions and Terminology Shadow AI: any AI tool, feature, agent, or service used for work purposes without formal approval under this policy. Approved AI Tool: an AI tool listed in the Approved AI Tools Registry (Section 4) and used under a [Company]-managed account. Personal AI Account: an account on any AI service registered to a personal email address or paid for personally. AI Feature: AI functionality embedded within otherwise approved software (e.g., an AI assistant added to a project management tool), which requires separate evaluation. Sensitive Data: data classified as [Confidential] or [Restricted] under [Company]‘s data classification policy, including the prohibited data classes in Section 6. Define “AI feature” explicitly. Vendors now ship AI additions into already-approved SaaS products every month, and without this definition, those features inherit approval they never earned. Section 3: Roles and Responsibilities The CISO (or designated security lead) owns this policy, maintains the Approved AI Tools Registry, and runs the approval workflow. Department heads ensure their teams know the policy and surface tool requests rather than suppressing them. Legal and Compliance review tools that touch regulated data or fall under the EU AI Act, GDPR, HIPAA, or client contractual restrictions. IT operates detection and monitoring controls (Section 9). Every employee is responsible for using only approved tools for work, reporting unapproved AI use they discover, and requesting new tools through the workflow in Section 7 rather than adopting them directly. Insider Note: In organizations under roughly 200 people, the “CISO” in this section is often the same overworked IT lead who manages laptops. Name a real person, not a title that doesn’t exist yet. A policy that assigns duties to a phantom role is unenforceable, and auditors notice. Section 4: Approved AI Tools Registry [Company] maintains a registry of approved AI tools at [location/URL]. For each tool, the registry records: tool name and vendor, approved use cases, prohibited use cases, permitted data classes, account type (enterprise/team/individual), data retention and training settings, risk tier (Section 5), approval date, and next review date. Only tools listed in the registry may be used for work. Tools not listed are unapproved by default. The registry is reviewed [quarterly]. Keep the registry somewhere employees actually look, such as your intranet homepage or IT help center, not buried in a GRC platform they can’t access. An invisible registry recreates the problem the policy exists to fix. Section 5: Risk Tier Classification (Low, Medium, High) Each tool in the registry is assigned a risk tier. Low: the tool processes only public or internal non-sensitive data, runs under an enterprise agreement with training opt-out, and produces output that a human reviews before use. Approval by IT Security alone. Medium: the tool processes internal business data or connects to [Company] systems via API or integration. Approval by IT Security plus the data owner. High: the

Legacy threat modeling frameworks such as STRIDE were designed for software that behaves the same way over and over again. Agentic AI does no such thing. It can rewrite its own plan mid-task, call external tools, negotiate with other agents, and produce a different output from identical input. MAESTRO exists because none of the legacy threat modeling frameworks were built to handle that. MAESTRO stands for Multi-Agent Environment, Security, Threat, Risk, and Outcome. It is a seven-layer threat modeling framework created specifically for agentic AI systems, and it has become the closest thing the industry has to a standard method for reasoning about agent security. Understanding MAESTRO in the Context of Agentic AI What MAESTRO Stands For Each word in the acronym carries meaning. Multi-Agent Environment signals that the framework models entire ecosystems of interacting agents, not a single model behind an API. Security, Threat, Risk covers the core discipline: identifying attack surfaces, cataloging threats, and assessing likelihood and impact. Outcome is the part most frameworks skip. MAESTRO asks what an attack actually produces in the real world, because an autonomous agent with tool access turns a compromised prompt into a compromised action. The Origin of MAESTRO (Cloud Security Alliance) The Cloud Security Alliance published MAESTRO in February 2025. Its creator is Ken Huang, Co-Chair of the CSA AI Safety Working Groups and CEO of DistributedApps.ai. The CSA has since applied the framework publicly to real systems, including OpenAI’s Responses API and Google’s A2A protocol, which gives practitioners worked examples rather than just theory. The framework is openly published, and the CSA maintains an official companion tool, the MAESTRO Threat Analyzer, on GitHub. SOC 2, ISO 27001 and HIPAA done for you. Fixed fee, 100% audit pass rate. Audit-ready in 6 weeks. Not 6 months. Schedule Free Assessment Why Traditional Frameworks Fall Short for Agentic AI STRIDE, PASTA, LINDDUN, and OCTAVE all share a founding assumption: the system under analysis follows predictable logic with clearly defined boundaries. You draw the data flow diagram, mark the trust boundaries, and enumerate threats against components that behave deterministically. Agentic AI breaks every part of that assumption. Unique Security Challenges of Autonomous Agents Agents introduce three properties that legacy models cannot express. Non-determinism means the same input can produce different behavior, so you cannot enumerate execution paths in advance. Autonomy means the agent makes decisions and takes actions without a human approving each step, which collapses the usual assumption that a person sits between intent and execution. And in multi-agent systems there is often no stable trust boundary: agents delegate to other agents, consume tool outputs from external servers via protocols like the Model Context Protocol (MCP), and update their own memory and goals at runtime. The Gap Between Legacy Frameworks and Agent-Based Systems The practical consequence is coverage gaps. STRIDE has no category for goal manipulation, where an attacker gradually steers what an agent is trying to achieve. PASTA assumes attacker objectives and data flows are fixed, which fails for systems that learn and adapt during operation. LINDDUN addresses privacy but says nothing about agent collusion or memory poisoning. A threat model built purely on these frameworks will pass review and still miss the attacks that matter most in an agentic deployment. How MAESTRO Addresses Agentic-Specific Risks MAESTRO does not discard the older frameworks. It extends them with a layered reference architecture, an AI-specific threat catalog for each layer, and, critically, explicit analysis of how threats propagate between layers. That cross-layer lens is the framework’s real contribution, because most serious agentic incidents are chains: poisoned data influences a model, the model misleads an agent, and the agent takes an unauthorized action three layers away from where the attack started. The Seven Layers of the MAESTRO Framework MAESTRO decomposes any agentic system into seven layers, each with its own threat landscape. Layer 1: Foundation Models The core LLMs or other models the agents reason with. Threats here include adversarial examples, model extraction, backdoored weights, and jailbreaks that bypass safety training. If the model is a third-party API, supply chain risk lives at this layer too. Layer 2: Data Operations Everything the agent ingests, stores, and retrieves: training data, RAG pipelines, vector databases, and agent memory. Data poisoning and memory tampering are the signature threats at this layer, and they are especially dangerous because a poisoned memory persists across sessions and keeps shaping future decisions long after the initial attack. Layer 3: Agent Frameworks The orchestration software that turns a model into an agent: LangChain, CrewAI, AutoGen, custom planners, and tool-calling logic. Threats include prompt injection through tool outputs, insecure tool definitions, and manipulation of the planning loop itself. Layer 4: Deployment Infrastructure The servers, containers, and cloud services the agents run on. The CSA’s threat catalog here reads like traditional cloud security with an agentic twist: compromised container images carrying malicious agent code, Kubernetes orchestration attacks, denial of service against agent runtimes, and tampering with Infrastructure-as-Code templates that provision agent resources. Layer 5: Evaluation and Observability The systems that monitor, evaluate, and debug agent behavior. This layer is often forgotten, and attackers know it. The CSA specifically flags poisoning observability data: manipulating the telemetry fed to monitoring systems so that incidents stay hidden from security teams while malicious activity continues. Layer 6: Security and Compliance MAESTRO treats this as a vertical layer that cuts across all others: identity and access management, guardrails, policy enforcement, and compliance controls. Threats include permission escalation, guardrail bypass, and compromise of the security agents themselves in architectures where AI enforces policy on other AI. Layer 7: Agent Ecosystem The environment where agents interact with users, other agents, and marketplaces. This is where the genuinely novel threats live: agent impersonation, misleading agent capability cards, tool squatting, and collusion between agents to achieve outcomes no single agent was authorized to pursue. Insider Note: In real assessments, Layers 5 and 6 expose the maturity gap fastest. Most teams’ shipping agents can describe their model and their orchestration framework in detail, then

EU AI Act Hiring Map

AXIPRO STUDY New Study: Europe is hiring AI builders faster than AI governance professionals Axipro analyzed 3,519 AI-related job postings across eight EU countries. For every professional hired to keep AI lawful, safe and accountable, nearly seven were hired to build more of it, and the gap is widest exactly where you’d least expect. Take EU AI ACT READINESS QUIZZ 16 AI Builders : 1 AI Governors Sweden — Europe’s widest AI governance gap 3,519 Job Postings Analyzed 8 EU Countries 2 Role Categories: Builders vs Governors July 2026 Date of Job Postings Analyzed The findings Finding 1: Sweden hires 16 AI builders for every 1 person to govern them Throughout our data-set we found the same pattern across all eight countries: the more a nation hires to build AI, the less it hires to govern it. France runs eleven builders to every governor. Even Ireland, the most balanced in Europe, looks responsible mainly because the US tech giants headquartered there import global-governance discipline under overlapping DORA and AI Act pressure.  3.5→16 builders hired per governor, Europe’s most balanced country to its least. Ireland 3.5 Germany 5.7 Spain 6.0 Italy 7.1 Netherlands 7.2 Belgium 7.9 France 11.4 Sweden 16:1 0 4 8 12 16 Builders hired per AI governor Source: Axipro, 2026 Sweden has one of the strongest engineering cultures in Europe. It also carries the widest governance gap we measured: sixteen AI builders hired for every person hired to govern them. France sits close behind at eleven to one. The most balanced country, Ireland at 3.5 to one, looks responsible for a reason that has little to do with virtue. The US tech giants headquartered in Dublin import global governance discipline, and they do it under the combined weight of the AI Act and DORA, the EU financial-sector resilience regime in force since January 2025. Engineering strength does nothing to close a governance gap, and it may widen it. A country that ships AI faster produces more systems that fall under the Act’s scope and, on this evidence, fewer people positioned to document, monitor, and defend them. Being good at building AI offers no protection against governing it badly. The countries most confident in their technical talent are running the largest deficit against the law. Explore AI governance hiring by country Click any country to see how many AI builders it hires for every governance professional, and where it ranks against the rest of Europe. Germany — 5.7 builders per governorDE France — 11.4 builders per governorFR Spain — 6.0 builders per governorES Italy — 7.1 builders per governorIT Netherlands — 7.2 builders per governorNL Belgium — 7.9 builders per governorBE Ireland — 3.5 builders per governorIE Sweden — 16 builders per governorSE 3.5 — balanced 16 — widest gap Source: Axipro, 2026 Sweden 16builders for every governance professional Rank 1 of 8 · 20 governance roles vs 319 builder roles posted Only 30% of the AI governance roles name the AI Act Share this Embed this map Copy & paste — links back to Axipro Copy embed code Branded, one paste, backlink included. × Share this country insight Share this AI governance gap X / Twitter LinkedIn Facebook WhatsApp Bluesky Email Copy link Choose a platform or copy the link. A view of the same country-level dataset behind the interactive map: governance roles, builder roles, builder-to-governance ratio, and the share of governance postings that name the EU AI Act. AI governance jobs Europe statistics by country: governance roles, builder roles, builder-to-governance ratio and AI Act mention percentage. Country Governance roles Builder roles Builder-to-governance ratio AI Act mention % Sweden 20 319 16.0:1 30.0% France 39 443 11.4:1 38.5% Belgium 38 299 7.9:1 39.5% Netherlands 61 439 7.2:1 31.1% Italy 40 284 7.1:1 45.0% Spain 64 384 6.0:1 28.1% Germany 88 501 5.7:1 27.3% Ireland 96 335 3.5:1 14.6% Source: Axipro analysis of AI builder, governance and compliance job postings across eight European countries. “AI Act mention %” is the share of governance postings that explicitly name the EU AI Act. Finding 2: The law nobody names. Most AI governance jobs still do not mention the EU AI Act Europe spent years drafting the AI Act. It cleared the European Parliament, survived the Digital Omnibus revisions, and now carries penalties that reach €35 million or 7% of global turnover for the most serious breaches, a ceiling that makes GDPR fines look modest. Yet fewer than three in ten of the governance roles created to handle it actually name the law in the job description. Among builder roles, the figure collapses to one in twenty-five. More than 7 in 10 Governance job descriptions do not mention the EU AI Act. This number rises to 9 in 10 for all AI job descriptions. Despite hiring for governance, risk, privacy, and compliance roles, most employers are not yet translating the EU AI Act into explicit job requirements. That disconnect should stop you. The people being hired to make Europe compliant are, for the most part, not being hired against the Act by name. They are titled around adjacent ideas: risk, ethics, model validation, data protection. Some of that work will map onto the Act’s requirements. Much of it will not, because a role written without the regulation in view rarely produces the conformity assessments, technical documentation, and human-oversight structures the Act specifically demands. Readiness is even thinner than the headcount suggests. Simply counting governance hires overstates how many people are actually working the law. What job descriptions actually name The EU AI Act is visible in governance roles — but still absent from most job ads. Across the laws and frameworks most relevant to AI governance hiring, the EU AI Act appears in fewer than three in ten governance postings, and only 4% of builder postings. Law or framework Governance roles naming it Builder roles naming it All roles naming it Governance mentions EU AI Act 28.5% 4.0% 7.6% 127 GDPR 26.9% 5.7% 9.6% 120 ISO 27001 11.4% 1.3% 2.8% 51