AI Governance, Data Protection & GRC
Supporting organisations and public institutions in navigating AI governance, data protection, and digital risk.
For safe, resilient, and future-ready societies.
Explore the EU AI Act
Structured legal interface
This resource is being expanded. Some internal links may be added progressively. Check back soon.
Trust Insights
Videos & Articles
AI Transformation
AI Opportunity
Artificial intelligence stands as the most transformative technology since the internet and may ultimately become the most consequential technological development in human history.
As Geoffrey Hinton, often referred to as the “Godfather of AI,” has highlighted, this shift represents a fundamental change in how intelligence is created, applied, and scaled across society.
AI is set to drive efficiency across almost every industry. It accelerates scientific progress. This is a defining moment for innovation, where technology becomes a force multiplier for productivity, growth, and long-term value creation.
AI Risk
It is already reshaping how organizations operate, how risks emerge and evolve, and how societies function. Yet the scale and speed of this transformation mean that many of its implications remain poorly understood and must be properly governed.
The same capabilities that make AI powerful also create new vulnerabilities, especially where governance lags behind. AI is already amplifying cyberattacks, enabling manipulation, reinforcing echo chambers, and creating risks for public trust, institutional resilience, and national security.
The ENISA Threat Landscape 2025 confirms the scale, speed, and sophistication of this shift. AI is reshaping cyber risk, governance, and compliance, and GRC must evolve accordingly.
ART25’s Role
We help organisations and public institutions navigate this landscape with confidence by embedding ethical AI, data protection, and operational governance into real structures, decisions, and controls.
Selected Focus Areas
Strengthening the European Digital Risk Ecosystem
Driven by the likely delay in the implementation of high-risk requirements under the EU AI Act, organisations face increasing digital risk and complexity across systems and environments.
This evolving landscape requires a shift in how governance, risk, and compliance (GRC) is approached, moving from static, periodic assessments toward more continuous, technology-enabled risk monitoring and adaptive control frameworks.
We aim to contribute to strengthening the European digital risk ecosystem by supporting coordination across organisations, public institutions, and relevant stakeholders.
Tailored Keynotes on AI Governance & GRC
At ART25, our Founder Hummam Wasfi delivers keynote speeches and practical sessions on AI governance, data protection, and the future of GRC.
As AI reshapes risk and decision making, he helps organisations rethink how governance, risk, and compliance operate in practice aligning them with the realities of the AI era.
From C-suite to operational teams, his sessions break down silos between legal, IT, security, and business, translating complexity into clear, practical insight grounded in real-world experience.
Available for summits, conferences, workshops, and executive or policy discussions.
Societal Awareness (Partnerships)
ART25 contributes to informed public dialogue on AI, data protection, and cybersecurity.
We engage with academia, professional communities, and industry bodies in an advisory and educational capacity, sharing technical and regulatory insight on the challenges facing organisations and society.
Our role is to translate complex developments into clear, accessible insight that supports responsible understanding and use of technology.
We welcome collaboration across sectors where it strengthens awareness, expertise, and impact.
Implement AI with Confidence
We help you build AI systems you can stand behind. We turn the EU AI Act and ISO/IEC 42001 into governance you can actually operate, covering your own projects, your suppliers, and the platforms you rely on.
Secure Third Party Risk
Most AI and data risk originates from third-party vendors, as enterprise systems increasingly rely on AI-powered technologies. This risk must be proactively managed through contractual commitments and a structured, risk-based supplier governance framework. ART25 establishes this framework by classifying vendors based on risk and defining requirements across digital risk domains. We strengthen and negotiate contracts to embed these controls and capabilities, ensuring effective third-party risk management.
Embed AI Literacy into Organisation Governance
Equipping leadership teams and employees with the knowledge needed to understand AI risks, responsibilities, and regulatory expectations. Through targeted training and governance programs, organizations strengthen internal awareness and support compliant AI adoption.
Geoffrey Hinton’s Nobel Prize in Physics 2024 Banquet Speech. One of the most important contributors to modern AI now warning about its risks.
Credit: © Nobel Prize Outreach 2024. Production: SVT
AI is redefining risk, exposing the limits of traditional GRC models. Governance must evolve to manage velocity, volatility, and cross-domain complexity.
Services
AI Governance
Data Protection
Testimonials
-
![]()
Arne Diedrichs, Director of Internal Audit - Vattenfall GMBH
“Hummam is a dedicated and highly experienced senior data protection professional. At Vattenfall, he set up a strong data protection governance for employee data and developed and executed comprehensive GDPR training activities for the HR community.”
-
![A middle-aged man with dark hair, glasses, and a beard smiling at the camera, wearing a black shirt and a dark blazer against a plain background.]()
Jarek Finkielman, Enterprise Account Executive - Workiva
‘‘I had the pleasure of working with Hummam and saw first-hand the value he brings to organisations navigating complex GRC challenges. He has a strong ability to advise strategic accounts on best practices while also bringing a forward-looking perspective on emerging issues such as AI governance and digital risk. He’s particularly effective at engaging senior stakeholders, whether through strategic conversations or clear, well-structured software demonstrations that connect technology with real business needs’'
-
![A woman with brown hair smiling at the camera against a white background.]()
Anna Maric, Head of Operations Consumer Sales Nordic - Vattenfall AB
“If you are looking for someone who knows data protection by heart, can guide you in what the options are, comes with constructive ideas and solutions, has the right mindset and is always helpful, that is Hummam. I can highly recommend him and it’s always a pleasure working with him…”
-
![A woman with short, curly black hair and brown skin, smiling, wearing a black top with gold button details and gold hoop earrings, against a white background.]()
Karla Cardozo, Solutions Consultant Senior Manager - Workiva
‘‘During his time at Workiva, Hummam made an impact through his collaborative personality and his dedication to learning our solutions. He successfully worked through the complexities of our platform to get up to speed on the technology. His specific knowledge in AI was a notable addition to the team, and I am sure he will bring a high level of knowledge and energy to any organization he joins. I believe his insights into AI use cases and governance will be of value to any organization he supports’’
-
![A black-and-white close-up portrait of a man with glasses, a beard, and a shaved head, wearing a collared shirt.]()
Daniel Scholte Senior Security Consultant, CISM, CCSP, CCISO - Vattenfall NV
“I had the pleasure of working with Hummam on a large IT transformation program. I can confidently say that his expertise in these areas are exceptional. he has an impressive ability to navigate complex regulatory frameworks and ensure that all processes align perfectly with highest standards and best practices. Additional to his profound knowledge in data privacy, Hummam is also a skilled negotiator. He has consistently secured favorable terms while maintaining strong and positive relationships with all parties involved’’
-
![A young woman with long brown hair, bright blue eyes, and a slight smile, wearing a black high-neck shirt, against a dark background.]()
Lovisa Mannerstråle, Head of HR - EN WELL AB
I have worked with Hummam for over 1 year in a large IT transformation project. He is more than able to present highly complex situations and challenges to all level of stakeholders, and is able to combine in-depth data protection and security competence. He is a very appreciated colleague and always has a positive can do attitude bringing both energy and competencies to every situation.
-
![]()
Patrick Roscher Senior HR Professional, Certified Leadership Coach - Roscher Coaching
‘‘Working with Hummam is always a pleasure as I can confidently state that he is acting with the right mindset: being always there if needed, giving proactive advice, and at the same time always having the big picture in mind. He is solution-oriented and by that a super team player which brings any project to the next level. Also, of course, super fun, energetic, and humble, which makes it even easier to cooperate. Definitely a big win for any team and company’’
-
![A young woman with long blonde hair wearing a blue denim shirt and small hoop earrings, sitting against a plain background.]()
Neele Bohmbach, Process Manager - Vattenfall GMBH
‘‘What sets Hummam apart is his ability to connect with everyone and make work both fun and meaningful, regardless of their technical background. When leading DPIA workshops or assisting teams in incorporating data protection into projects; he transforms it into a practical experience that highlights risks while offering actionable solutions. Hummam helps the business view data protection as a strength rather than an obstacle, fostering a collective commitment to embracing it together’’
