THE TRUTH ABOUT AI AND YOUR DATA
What no one explains before selling. If your company uses public AI with sensitive data, we can help you analyze and mitigate your regulatory exposure.
POTENTIAL REGULATORY EXPOSURE: UP TO €70+ MILLION
Before you continue reading...
Answer these 3 questions honestly:
1. Has any employee in your company ever uploaded a work document to public generative AI tools (according to their terms of use and configuration)?
2. Did that document contain customer names, or employee, supplier or financial data?
3. Do you know exactly what happened to that data afterwards?
If you answered YES to the first two and NO to the third... Your company could be exposed to regulatory risks.
CHECKLIST: IS YOUR COMPANY AT RISK?
AI Usage
- Employees use public generative AI tools without defined policies
- Work documents are uploaded to these tools
- No clear policy on AI use in the company
- We don't know what AI tools employees use
Sensitive Data
- We handle customer data (names, ID, emails, phones)
- We process financial information (salaries, accounts, credits)
- We have employee or customer health data
- We handle contracts with confidential information
Compliance
- We don't have an updated data protection impact assessment
- We don't know the EU AI Act requirements
- We don't know if NIS2 or DORA applies to us
- We have never audited AI use in the company
Result
Low risk. But keep reading to be sure.
Medium risk. You need to act soon.
High risk. You should act this week.
Elevated risk. May require priority review.
The use of public AI tools is not illegal by itself, but may require additional compliance measures depending on the context.
CALCULATOR: WHAT IS YOUR POTENTIAL EXPOSURE?
Company with €10M revenue
Company with €50M revenue
Financial company with €100M revenue
These are MAXIMUM fines according to current regulations. Actual application depends on the specific circumstances of each case.
TIMELINE: REGULATIONS ARE ALREADY HERE
| Regulation | Effective since | Status | Fines since |
|---|---|---|---|
| GDPR | May 2018 | ACTIVE | Since 2018 |
| NIS2 | October 2024 | ACTIVE | August 2025 |
| DORA | January 2025 | ACTIVE | January 2025 |
| EU AI Act | August 2024 | PROGRESSIVE | August 2025 |
Regulations are active. It is important to evaluate your compliance situation.
COMPLETE REGULATIONS MAP
GDPR
General Data Protection Regulation
Maximum fine: €20M or 4% of revenue
Applies to: Any company processing European citizens' data
EU AI Act
Artificial Intelligence Regulation
Maximum fine: €35M or 7% of revenue
Applies to: Any company using or developing AI systems
NIS2
Cybersecurity Directive
Maximum fine: €10M or 2% of revenue
Applies to: Companies in critical sectors (energy, transport, health, finance...)
DORA
Digital Operational Resilience
Maximum fine: 2% of revenue + €1M for executives
Applies to: Entire financial sector (banks, insurers, fintech)
THE SOLUTION: MIKA
Platform and APIs with automatic pseudo-anonymization
What if you could use all the power of AI to analyze documents... automatically complying with regulations?
MIKA PLATFORM
- ✓ Complete ready-to-use solution
- ✓ Intuitive web interface
- ✓ 24 specialized endpoints
- ✓ Document management + Chatbot + Reasoning
MIKA APIs
- ✓ Integrate into your own system
- ✓ Total flexibility for developers
- ✓ Multi-tenant for companies
- ✓ Scalable to millions of documents
AUTOMATIC PSEUDO-ANONYMIZATION
The information presented describes potential risks according to current European regulations. The fines indicated correspond to the maximum legal amounts established by each regulation and their application depends on the specific circumstances of each case. The applicability of each regulation depends on the sector, context, and type of data processing. The existence of risk does not automatically imply sanctions. This content is for informational purposes only and does not constitute legal advice.