AI Governance, Data Protection & GRC
Supporting organisations and public institutions in navigating AI governance, data protection, and digital risk.
For safe, resilient, and future-ready societies.
Start the ConversationAI Transformation
AI Opportunity
Artificial intelligence stands as the most transformative technology since the internet and may ultimately become the most consequential technological development in human history.
As Geoffrey Hinton, often referred to as the “Godfather of AI,” has highlighted, this shift represents a fundamental change in how intelligence is created, applied, and scaled across society.
AI is set to drive efficiency across almost every industry. It accelerates scientific progress. This is a defining moment for innovation, where technology becomes a force multiplier for productivity, growth, and long-term value creation.
AI Risk
It is already reshaping how organizations operate, how risks emerge and evolve, and how societies function. Yet the scale and speed of this transformation mean that many of its implications remain poorly understood and must be properly governed.
The same capabilities that make AI powerful also create new vulnerabilities, especially where governance lags behind. AI is already amplifying cyberattacks, enabling manipulation, reinforcing echo chambers, and creating risks for public trust, institutional resilience, and national security.
The ENISA Threat Landscape 2025 confirms the scale, speed, and sophistication of this shift. AI is reshaping cyber risk, governance, and compliance, and GRC must evolve accordingly.
ART25’s Role
We help organisations and public institutions navigate this landscape with confidence by embedding ethical AI, data protection, and operational governance into real structures, decisions, and controls.
Selected Focus Areas
Strengthening the European Digital Risk Ecosystem
Driven by the likely delay in the implementation of high-risk requirements under the EU AI Act, organisations face increasing digital risk and complexity across systems and environments.
This evolving landscape requires a shift in how governance, risk, and compliance (GRC) is approached, moving from static, periodic assessments toward more continuous, technology-enabled risk monitoring and adaptive control frameworks.
We aim to contribute to strengthening the European digital risk ecosystem by supporting coordination across organisations, public institutions, and relevant stakeholders.
Tailored Keynotes on AI Governance & GRC
At ART25, our Founder Hummam Wasfi delivers keynote speeches and practical sessions on AI governance, data protection, and the future of GRC.
As AI reshapes risk and decision making, he helps organisations rethink how governance, risk, and compliance operate in practice aligning them with the realities of the AI era.
From C-suite to operational teams, his sessions break down silos between legal, IT, security, and business, translating complexity into clear, practical insight grounded in real-world experience.
Available for summits, conferences, workshops, and executive or policy discussions.
Societal Awareness (Partnerships)
ART25 contributes to informed public dialogue on AI, data protection, and cybersecurity.
We engage with academia, professional communities, and industry bodies in an advisory and educational capacity, sharing technical and regulatory insight on the challenges facing organisations and society.
Our role is to translate complex developments into clear, accessible insight that supports responsible understanding and use of technology.
We welcome collaboration across sectors where it strengthens awareness, expertise, and impact.
Implement AI with Confidence
We help you build AI systems you can stand behind. We turn the EU AI Act and ISO/IEC 42001 into governance you can actually operate, covering your own projects, your suppliers, and the platforms you rely on.
Secure Third Party Risk
Most AI and data risk originates from third-party vendors, as enterprise systems increasingly rely on AI-powered technologies. This risk must be proactively managed through contractual commitments and a structured, risk-based supplier governance framework. ART25 establishes this framework by classifying vendors based on risk and defining requirements across digital risk domains. We strengthen and negotiate contracts to embed these controls and capabilities, ensuring effective third-party risk management.
Embed AI Literacy into Organisation Governance
Equipping leadership teams and employees with the knowledge needed to understand AI risks, responsibilities, and regulatory expectations. Through targeted training and governance programs, organizations strengthen internal awareness and support compliant AI adoption.
Geoffrey Hinton’s Nobel Prize in Physics 2024 Banquet Speech. One of the most important contributors to modern AI now warning about its risks.
Credit: © Nobel Prize Outreach 2024. Production: SVT
AI is redefining risk, exposing the limits of traditional GRC models. Governance must evolve to manage velocity, volatility, and cross-domain complexity.
Services
AI Governance
Data Protection
ART25
Strategic Initiatives
AI Governance Leadership Council
Strategic governance dialogue bringing together leaders across AI, cybersecurity, privacy, risk, compliance, resilience, audit, and enterprise governance.
Council Framework
Why Participate
Gain practical insights, lessons learned, and operational perspectives from senior leaders navigating AI governance, cybersecurity, privacy, legal, and risk challenges across industries.
Participate in trusted and open discussions around frontier AI, regulatory uncertainty, cyber threats, digital sovereignty, and emerging governance risks shaping the future of organisations and society.
Validate assumptions, challenge blind spots, and refine governance approaches through constructive discussions with experienced practitioners operating across complex digital environments.
Build stronger awareness of evolving regulations, AI standards, geopolitical developments, and emerging forms of operational and systemic risk impacting AI adoption globally.
Strategic Purpose
A trusted senior expert community that exchanges lessons learned, validates assumptions, and advances practical AI governance across organisational boundaries.
Contributors and Speakers
Selected contributors and speakers share practical insight, scientific perspective, regulatory experience, technical expertise, and operational lessons with senior governance leaders across industries.
ART25 ECP — Enterprise Control Platform
AI-enabled GRC platform designed for the age of AI risk, streamlining operations across the first, second, and third lines of defense.
Ongoing Initiative
In DevelopmentOperationalizing AI governance for the AI era
Strategic Governance Initiative
Designed for organisations preparing for the realities of advanced AI systems, interconnected enterprise risk, cyber disruption, and continuous regulatory accountability.
Core Domains
Cross-Domain Risk Management
Coordinating risk visibility and management across AI, cyber, operational, supplier, and regulatory domains.
Operating Themes
Strengthening the organisation’s ability to withstand cyber disruption, operational instability, and the rapidly evolving digital risk landscape driven by AI transformation, interconnected systems, and emerging frontier AI capabilities.
Enabling organisations to identify, prioritise, and address operational, regulatory, supplier, cybersecurity, and AI-related risks before they escalate into disruption while supporting smarter operational and investment decisions during digital and AI transformation.
Providing tailored visibility, transparency, and accountability across governance, risk, compliance, security, audit, and operational functions so every line of defense can focus on what matters most within their role and responsibilities.
Creating reliable, governed, and connected data that improves oversight, strengthens decision-making, and enables organisations to safely and effectively leverage AI capabilities at scale.
Engagement through strategic collaboration. Selected partnership with organisations advancing operational AI capabilities, enterprise resilience, and next generation governance.
Testimonials
-
![]()
Arne Diedrichs, Director of Internal Audit - Vattenfall GMBH
“Hummam is a dedicated and highly experienced senior data protection professional. At Vattenfall, he set up a strong data protection governance for employee data and developed and executed comprehensive GDPR training activities for the HR community.”
-
![A middle-aged man with dark hair, glasses, and a beard smiling at the camera, wearing a black shirt and a dark blazer against a plain background.]()
Jarek Finkielman, Enterprise Account Executive - Workiva
‘‘I had the pleasure of working with Hummam and saw first-hand the value he brings to organisations navigating complex GRC challenges. He has a strong ability to advise strategic accounts on best practices while also bringing a forward-looking perspective on emerging issues such as AI governance and digital risk. He’s particularly effective at engaging senior stakeholders, whether through strategic conversations or clear, well-structured software demonstrations that connect technology with real business needs’'
-
![A woman with brown hair smiling at the camera against a white background.]()
Anna Maric, Head of Operations Consumer Sales Nordic - Vattenfall AB
“If you are looking for someone who knows data protection by heart, can guide you in what the options are, comes with constructive ideas and solutions, has the right mindset and is always helpful, that is Hummam. I can highly recommend him and it’s always a pleasure working with him…”
-
![A woman with short, curly black hair and brown skin, smiling, wearing a black top with gold button details and gold hoop earrings, against a white background.]()
Karla Cardozo, Solutions Consultant Senior Manager - Workiva
‘‘During his time at Workiva, Hummam made an impact through his collaborative personality and his dedication to learning our solutions. He successfully worked through the complexities of our platform to get up to speed on the technology. His specific knowledge in AI was a notable addition to the team, and I am sure he will bring a high level of knowledge and energy to any organization he joins. I believe his insights into AI use cases and governance will be of value to any organization he supports’’
-
![A young woman with long brown hair, bright blue eyes, and a slight smile, wearing a black high-neck shirt, against a dark background.]()
Lovisa Mannerstråle, Head of HR - EN WELL AB
I have worked with Hummam for over 1 year in a large IT transformation project. He is more than able to present highly complex situations and challenges to all level of stakeholders, and is able to combine in-depth data protection and security competence. He is a very appreciated colleague and always has a positive can do attitude bringing both energy and competencies to every situation.
-
![Black and white photo of a smiling man in business attire outside.]()
Fredrik Lindén - Cofounder of MyData.org
‘‘The drive and his competence within several compliance areas including but not limited to GDPR was remarkable. He was a key leader and resource not only to his department but to the entire compliance team’’
-
![A black-and-white close-up portrait of a man with glasses, a beard, and a shaved head, wearing a collared shirt.]()
Daniel Scholte Senior Security Consultant, CISM, CCSP, CCISO - Vattenfall NV
“I had the pleasure of working with Hummam on a large IT transformation program. I can confidently say that his expertise in these areas are exceptional. he has an impressive ability to navigate complex regulatory frameworks and ensure that all processes align perfectly with highest standards and best practices. Additional to his profound knowledge in data privacy, Hummam is also a skilled negotiator. He has consistently secured favorable terms while maintaining strong and positive relationships with all parties involved’’
-
![]()
Patrick Roscher Senior HR Professional, Certified Leadership Coach - Roscher Coaching
‘‘Working with Hummam is always a pleasure as I can confidently state that he is acting with the right mindset: being always there if needed, giving proactive advice, and at the same time always having the big picture in mind. He is solution-oriented and by that a super team player which brings any project to the next level. Also, of course, super fun, energetic, and humble, which makes it even easier to cooperate. Definitely a big win for any team and company’’
-
![A young woman with long blonde hair wearing a blue denim shirt and small hoop earrings, sitting against a plain background.]()
Neele Bohmbach, Process Manager - Vattenfall GMBH
‘‘What sets Hummam apart is his ability to connect with everyone and make work both fun and meaningful, regardless of their technical background. When leading DPIA workshops or assisting teams in incorporating data protection into projects; he transforms it into a practical experience that highlights risks while offering actionable solutions. Hummam helps the business view data protection as a strength rather than an obstacle, fostering a collective commitment to embracing it together’’
