Category: Regulatory Compliance

Posted on

What is Cisco’s Sovereign Critical Infrastructure?

Cisco yesterday announced what they referred to as a “significant milestone” in Europe’s journey toward digital sovereignty.

Their Sovereign Critical Infrastructure portfolio is a comprehensive, air-gapped solution designed to give European organisations full control over their digital environments – from infrastructure, through collaboration, through to data.

This will be available from the end of this month (September 2025).

Why Sovereignty Matters?

The concept of digital sovereignty is not new, but its urgency has accelerated due to the increasing geopolitical tensions, evolving compliance frameworks, and the rise of AI-powered infrastructure. Some organisations across Europe – ranging from governments to banks and healthcare providers are looking for more ways to obtain better more autonomy and control over all or aspects of their IT environments, expecially in fields such as research and development or for high wealth clients etc.

You may recall, Microsoft announced their Sovereign Cloud offering for Microsoft 365 and Azure “local” earlier this year.

The technology will enable organisations to formally meet compliance requirements by delivering solutions aligned with key foundational, EU and country certifications and standards and ultimately achieving the new European Union Cybersecurity Certification (EUCC).

Is this just on-prem Data Centers?

Yes… but no. Cisco’s new offering is not just about hosting data and compute services locally; it’s about owning the infrastructure, managing encryption, and ensuring operational resilience without external dependencies. The other important aspect is the infrastructure is managed in the same fluid ways that cloud infrastructure is managed rather than the trabdiotnal ways of managing and patching applications and updates that were familiar in on premises environments.

It will enable organisations to deploy hybrid or on premises solutions aligned with key foundational, EU and country certifications and standards and ultimately achieving the new European Union Cybersecurity Certification (EUCC).

What does Cisco’s  Sovereign Infrastructure include?

This infrastructure portfolio includes:

  • Configurable and Air-Gapped: Customers will be able to deploy the infrastructure on-premises, with full control over licensing and encryption. Cisco cannot remotely disable or update products — a major shift in trust and control.
  • Compliance-Ready: The portfolio aligns with EU and country-specific certifications, including IPv6-readiness, Common Criteria, and a roadmap toward the EU Cybersecurity Certification (EUCC).
  • Broad Coverage: It will span routing, switching, wireless, collaboration, and select endpoint devices. It will be enhanced by Cisco and Splunk’s end to end security and observability solutions.

Strategic Business Enablement

What is important to take away here is that this is not just a new product announcement. For many EU organisations it will be seen as a niche buisness enabler.

For organisations needing or wanting to  navigate true hybrid environments, address increasing regulatory pressures, and manage AI adoption, model training and AI R&D for closed systems, Cisco’s Sovereign Critical Infrastructure offers a flexible foundation for building secure, compliant, and future-ready AI and digital estates.

IDC’s commentary on this shares that they are seeing huge increases in spend (across KEY European counties) on on-premises DC infrastructure which is reinforces this shift. They say that on-prem IT is now commanding the majority of IT budgets across parts of Europe despite the overall continual rise of hybrid and cloud services models.

On-prem IT still requires connectivity. Here the importance of network sovereignty cannot be underestimated, especially for organizations responsible for critical national infrastructure. Operational resilience is key for these organizations, who seek the extra controls, protections, and autonomy that genuine digital sovereignty solutions can bring. This is especially true when it comes to network sovereignty—a challenge that few network infrastructure providers thus far have been able to address.” | IDC

Sovereignty, especially in networking, in these scenarios is essential.

Closing thoughts

Cisco’s goal is to better enable European organisations to build infrastructure that uniquely aligned to their needs whether that is hybrid cloud or descretely on-premises. The platform promises not only secure and compliant infrastructure services but also benefits from modern management, resilient and autonomous operations which is a critical capability in the AI and digitial transformation era.

More reading and source: https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2025/m09/cisco-announces-sovereign-critical-infrastructure-portfolio.html

Posted on

Is Microsoft about to kill DocuSign?

Microsoft (after months of testing) is launching native eSignature support in Microsoft Word. How does this compete and compare to wider known tools such as Adobe Sign. Where where does Microsoft eSignature support fit and who is it for?

Why? To streamline document approvals without leaving your document and without needing to pay for expensive/third party eSignature tools.

eSignature Support in Word

Microsoft Word has quietly gained a feature that is aimed to save multiple email chains, PDF exports, and “please print, sign, scan, and send back” headaches. The new eSignature capability lets you send, receive, and track legally binding signatures directly inside Word – with no third-party apps required.

Why This Matters

For years, Word has been the place where contracts, agreements, and proposals are written – but not where they’re finalised for commercial use. That final step often meant exporting to PDF, uploading to a signing platform such as Adobe Sign or DocuSign, and then re-downloading for storage. Now, that friction is gone.

With eSignature in Word, organisations can:

  • Request signatures from within the open document straight from Word or SharePoint.
  • Track progress without leaving Word.
  • Store signed copies securely in OneDrive or SharePoint.

How to use eSignature in Word

How It Works is simple:

  1. Users prepare, Co author their document as normal in Microsoft Word.
  2. Insert signature fields where needed via the new eSignature menu*
  3. Send the document for signing — recipients get a secure link to review and sign the document.
  4. Track status in real time, again, right from within Microsoft Word.
  5. Receive the signed copy automatically saved back to your chosen location.
eSignature in Word ToolBar

Note: to use eSignature in Word, a few steps are required by admins, including enabling the feature in the Microsoft 365 Admin Centre, and creating a policy for use in Intune or Office Config Centre. See more below.

Enabling eSignature Support in Office Config Centre – Required Admin rights.

eSignature Security and Compliance

Microsoft’s eSignature service is built on the same compliance and security framework as the rest of Microsoft 365, including:

  • Encryption in transit and at rest.
  • Audit trails for every signature request.
  • Integration with Microsoft Purview for governance and retention.

eSignature Workflow Support

One of the things third party eSignature  tools do well is workload integration into LOB.

Since eSignature is native to Word and Microsoft 365, Microsoft have their own native workflow support which includes:

  • Ability to trigger signature requests from Teams chats or Outlook emails.
  • Signed documents inherit your organisations existing retention and sensitivity labels.
  • Approvals can be part of a Power Automate flow for end-to-end process automation.
  • These Power Automate flows can integrate (and may already be) part of your business workflow.

Is this the end of Docusign?

I do t think so….. While Microsoft’s move might feel like the big boys taking a shot across the bow, at DocuSign, I don’t beleive this is really designed to compete (not head on anyway). In fact, just last week, DocuSign Q2 results shows it’s doubling down on its core strengths.

  1. DocuSign’s Q2 FY2026 results beat expectations, with revenue up 13% YoY to $801M.
  2. Their new Intelligent Agreement Management (IAM) platform now has over 10,000 customers, positioning DocuSign beyond “just” e-signatures, into full contract lifecycle and workflow automation — a space where Microsoft is still building capabilities.
  3. Developer and ecosystem push is strong as
    with deep integrations, AI-powered agreement workflows, and orchestration tools like Maestro built in. This is aimed squarely at enterprise developers who need more than just a signature – they want embedded, automated, and compliant agreement processes.
  4. DocuSign leads the way in multi-party signing, and signature authentication. Microsoft Word’s eSignature is convenient for those already in the 365 ecosystem and that don’t have a eSignature system today as well as those that just need relatively simple capabilities.

Will Microsoft eSignature kill off DocuSign?

I don’t think so…

For the time being, DocuSign will likely remain the go-to for regulated industries, complex workflows, and organisations that need platform-agnostic signing.

For organisations that don’t have this feature today, or use a third party tools without the need for complex integrated workflows, then this could be a viable and cosy effective solution built right into their existing flow of work.

For larger, more regulated organisations however, that already have investment, process and LOB integration with a third party eSignature tool, then this is likely not going to of immediate interest. This is due to the rich number of additional features tools like DocuSign and Adobe Sign bring including contract lifecycle management, and eSignature portals that bring more than just e-signing are in use.

The real story isn’t “Microsoft kills DocuSign”  it’s that the e-signature market is maturing. Microsoft’s entry will likely capture casual and internal signing needs, while DocuSign focuses on high-value, compliance-heavy, multi-party agreements. In other words: the pie is growing, and both players are carving out their slices.

Further info:

Microsoft Video: https://youtu.be/1S8HDKYPIA4

DocuSign: https://www.docusign.com/en-gb

Microsoft eSig: https://techcommunity.microsoft.com/blog/spblog/announcing-sharepoint-esignature-for-microsoft-word/4419681

Posted on

Understanding the EU AI Act and Microsoft’s Commitment to Compliance..

TL:DR

The EU AI Act, effective from August 2024, regulates AI systems within theEU, categorizing them into prohibited, high-risk, and limited or minimal risk. Microsoft is committed to compliance through tools like Purview Compliance Manager, continuous monitoring, data privacy measures, bias mitigation, and transparency initiatives.

Understanding the EU AI Act

The EU AI Act, effective from August 2024, is a comprehensive regulation designed to govern the development, deployment, and use of AI systems within the European Union. It categorises AI systems into three risk levels: prohibited, high-risk, and limited or minimal risk.

  • Prohibited AI Systems: These are AI applications that pose unacceptable risks, such as those that manipulate human behavior or exploit vulnerabilities of specific groups. Organisations must decommission such systems by February 2025.
  • High-Risk AI Systems: These include applications used in biometric identification, critical infrastructure, education, and law enforcement. High-risk systems are permitted but must undergo stringent compliance checks, including conformity assessments by accredited third parties or through self-assessment.
  • Limited or Minimal Risk AI Systems: These cover applications like chatbots and AI-generated content, which are generally permitted but require transparency and informed consent from users.

Key Challenges in AI Compliance

Organisations will likely face several challenges in navigating AI compliance:

  • Ensuring Continuous Compliance: AI regulations are dynamic, and organisations must continuously update their systems to remain compliant. This involves tracking regulatory changes and implementing necessary updates promptly.
  • Managing Data and Privacy: AI systems often process vast amounts of data, including sensitive information. Ensuring that AI applications do not inadvertently access or misuse sensitive data is a significant concern.
  • Addressing Bias and Inaccuracy: AI systems must be trained on diverse and representative data sets to avoid biases. Inaccurate or biased AI outputs can lead to ethical and legal issues.
  • Maintaining Transparency: Organisations must ensure that their AI systems operate transparently, providing clear information on how data is used and decisions are made.

Microsoft’s Commitment to AI Compliance

Microsoft is at the forefront of ensuring AI compliance and ethical use. Here are some key initiatives and tools that demonstrate Microsoft’s commitment:

  • Purview Compliance Manager: Part of the Microsoft Purview family, this tool helps organizations manage compliance with various regulations, including the EU AI Act. It offers templates for different regulatory requirements, enabling organizations to streamline their compliance processes.
  • Continuous Monitoring and Updates: Microsoft ensures that its AI applications, such as Microsoft 365 Copilot, are continuously monitored and updated to comply with evolving regulations. This proactive approach helps organisations stay ahead of compliance requirements.
  • Data Privacy and Security: Microsoft emphasizes robust data privacy and security measures. AI applications are designed to prevent unauthorised access to sensitive data, and tools like Data Loss Prevention (DLP) policies help safeguard information.
  • Bias Mitigation: Microsoft is committed to reducing bias in AI systems. By using diverse data sets and implementing rigorous testing protocols, Microsoft aims to ensure that its AI applications provide fair and accurate results.
  • Transparency and Accountability: Microsoft promotes transparency in AI operations. Users are informed about how their data is used, and AI systems are designed to provide clear explanations for their decisions.

Conclusion

The EU AI Act represents a significant step towards ensuring the ethical and responsible use of AI. As organisations navigate this complex regulatory landscape, Microsoft’s tools and initiatives provide valuable support in achieving compliance. By prioritising continuous monitoring, data privacy, bias mitigation, and transparency, Microsoft is helping organisations harness the power of AI while adhering to the highest standards of ethical conduct.

What organisations can do

As we move forward in this AI-driven future, it’s crucial for every organisation large and small, private and public to stay informed and proactive about regulatory compliance in this space.

If you are invested in Microsoft Technology, be that Microsoft 365 or Azure, ensure to further explore Microsoft’s extensive and comprehensive suite of tools and resources to ensure your organisation and AI connected systems are not only compliant but also ethical and transparent.

1. You can check out Microsoft AI Compliance Hub

2. Check out their YouTube video https://youtu.be/briI9LdiZuc

3. Speak to your Microsoft Partner.

Proudly powered by WordPress