Virgil.ia for AI-Assisted NIS2 and ISO 27001 Compliance

Cybersecurity regulations, such as the NIS2 directive and the ISO 27001 standard, have become a relevant topic for many companies.

The traditional path to achieving and maintaining compliance often requires months of work, significant costs, and a substantial workload for IT and legal teams.

The matter is all the more urgent because adapting to NIS2 is becoming a legal obligation for a wide range of organizations, particularly European SMEs, under the supervision of the competent national authorities. For the entities that fall under it, compliance is no longer a choice but a requirement, and non-compliance exposes them to penalties that can personally involve members of management bodies. ISO 27001, on the other hand, remains a voluntary certification, but it is one of the most recognized tools for demonstrating that the required measures are in place.

At Ex Machina, through our AI.lab, we work on the application of generative artificial intelligence to concrete problems. In this field, we collaborated on the Virgil.ia project, an AI-assisted platform that guides companies toward NIS2 and ISO 27001 certification, reducing adaptation times from months to weeks. Obtaining a certification or adapting to NIS2 standards requires mapping supply chain risks, drafting the necessary policies, and preparing the documentation for external auditors. Together with the creators of Virgil.ia, we wondered whether it would be possible to apply our experience in analyzing complex documents with AI to automate a large part of this work. Our team of engineers and artificial intelligence specialists, based in Lugano, contributed to designing how the platform works. Virgil.ia’s ecosystem uses AI models trained on specific directives to offer automation and a seamless user experience, from analysis to certification.

The first step is the automatic gap analysis: the user uploads current company documents and Virgil.ia’s AI scans them, compares them with regulatory requirements, and indicates what is missing to be compliant, generating a list of prioritized tasks. This is supported by an AI consultant, available at any time, that answers regulatory questions based on updated NIS and ISO standards and assists companies in incident management and in mapping the risks of critical suppliers, a central requirement of the new rules. Finally, the platform takes care of organizing and tracking the documentation, so that the auditor’s package is orderly and ready at the time of the audit. The actual certification remains the responsibility of an accredited third-party body; Virgil.ia prepares the company so that the audit is a formality.

Compared to the do-it-yourself approach or traditional consulting, the Virgil.ia method aims for a process that is up to five times faster, with an average time of about 90 days to get ready for the audit, 75% savings on compliance-related costs, and 85% automated control. The project reflects the approach we work with at Ex Machina: transferring the repetitive document burden to machines, so that teams can focus on the strategic security of the company. To learn more about how the platform works and to request a free risk analysis, you can visit virgilia.ch.