EU AI Act | Online Training, Exam, Certificate of Completion


Become an Artificial Intelligence Act Trained Professional (AIActTPro)

Objectives

The program has been designed to provide professionals with the skills needed to understand and support compliance with the Artificial Intelligence Act - Regulation (EU) 2024/1689.

It also equips professionals with the skills needed to pass the Artificial Intelligence Act Trained Professional (AIActTPro) exam and earn the Certificate of Completion. This certificate serves as independent evidence to firms and organizations that these professionals have a verifiable understanding of the subject matter.


Target Audience

The target audience is broad and encompasses various stakeholders involved in the development, deployment, and use of AI within the EU. This training program is beneficial to the following professionals:

a) Executives and senior managers integrating compliance into business strategies, balancing innovation with regulatory adherence.

b) Product and project managers, responsible for integrating and overseeing the development and implementation of AI systems, ensuring compliance with regulatory requirements, and managing associated risks.

c) Risk and compliance managers, auditors, and consultants, responsible for identifying, assessing, and managing risks associated with AI systems. Also, those who implement risk management frameworks in alignment with regulatory requirements, or are involved in compliance documentation and preparation for regulatory reviews.

d) Legal professionals, managers, and consultants who provide advice on compliance with the AI Act, as well as those drafting policies and contracts to mitigate legal risks associated with AI.

e) IT and data governance managers and consultants, overseeing the IT infrastructure and data governance practices, ensuring alignment with the AI Act. Professionals implementing data privacy and security standards in AI applications.


The program is beneficial to managers and consultants working for:

(a) providers putting into service in the EU, or placing on the EU market, AI systems and AI models, irrespective of whether those providers are established or located within the Union or in a third country.

(b) deployers of AI systems that have their place of establishment or are located within the EU.

(c) providers and deployers of AI systems that have their place of establishment or are located in a third country, where the output produced by the AI system is used in the EU.

(d) importers and distributors of AI systems.

(e) product manufacturers placing on the market or putting into service AI systems together with their products and under their own name or trademark.

(f) authorised representatives of providers, which are not established in the EU.

(g) operators of AI systems, especially high-risk AI systems.


According to Article 3 of the AI Act:

“Provider” means a natural or legal person, public authority, agency or other body that develops an AI system or a general-purpose AI model or that has an AI system or a general-purpose AI model developed and places it on the market or puts the AI system into service under its own name or trademark, whether for payment or free of charge.

“Deployer” means a natural or legal person, public authority, agency or other body using an AI system under its authority except where the AI system is used in the course of a personal non-professional activity.

“Authorised representative” means a natural or legal person located or established in the Union who has received and accepted a written mandate from a provider of an AI system or a general-purpose AI model to, respectively, perform and carry out on its behalf the obligations and procedures established by this Regulation.

“Importer” means a natural or legal person located or established in the Union that places on the market an AI system that bears the name or trademark of a natural or legal person established in a third country.

“Distributor” means a natural or legal person in the supply chain, other than the provider or the importer, that makes an AI system available on the Union market.

“Operator” means a provider, product manufacturer, deployer, authorised representative, importer or distributor.


NIS 2, CER, and the AI Act

The program is also beneficial to managers and consultants implementing the NIS 2 Directive (Directive (EU) 2022/2555) and the Critical Entities Resilience Directive (CER, Directive (EU) 2022/2557).

According to Article 9.10 of the AI Act: “For providers of high-risk AI systems that are subject to requirements regarding internal risk management processes under other relevant provisions of Union law, the aspects provided in paragraphs 1 to 9 may be part of, or combined with, the risk management procedures established pursuant to that law.”


NIS 2 and the AI Act, common implementation examples:

a. Risk Management. NIS 2 emphasizes risk management processes, requiring organizations to implement measures to prevent and mitigate cybersecurity incidents. The AI Act focuses on risk management for AI systems, including cybersecurity, testing, documentation, and mitigation strategies.

b. Incident Reporting and Response. NIS 2 requires entities to report significant cybersecurity incidents within 24 hours. The AI Act includes provisions for monitoring and reporting cybersecurity incidents related to AI systems.

c. Governance and Accountability. NIS 2 establishes clear responsibilities for senior management in ensuring compliance with cybersecurity measures and reporting. The AI Act asks for robust governance frameworks, including accountability mechanisms and documentation practices to demonstrate compliance.

d. Data Protection and Security. NIS 2 stresses the importance of securing network and information systems to protect data integrity, availability, and confidentiality. The AI Act requires high-risk AI systems to incorporate measures ensuring data quality and data governance.


Is data poisoning (as described in the Artificial Intelligence Act) an important challenge for experts implementing the NIS 2 Directive too?

Data poisoning is a form of attack on machine learning (ML) systems where adversaries intentionally manipulate the training data to influence a model's behavior.

Backdoor Attacks are data poisoning attacks where adversaries manipulate the training data to embed a hidden backdoor within the model. This backdoor remains dormant during normal operations but activates in the presence of a specific trigger, leading to malicious behavior.

Example 1: AI-based spam filters are advanced systems designed to detect and block unwanted email messages, using artificial intelligence and machine learning techniques. These filters analyze various attributes and patterns within emails to determine their likelihood of being spam or unwanted. By poisoning the training data of spam filters and introducing specific words or patterns as safe, adversaries can bypass detection and conduct phishing attacks or deliver malware.

Example 2: AI-based Intrusion Detection Systems (IDS) are designed to identify and respond to potential security threats within a network by analyzing data and recognizing patterns indicative of malicious activities. If an AI-based IDS is trained with mislabeled data (poisoned data), and actual threats are labeled as safe, the IDS would fail to detect and alert on real attacks, allowing cybercriminals to bypass defenses.

Example 3: AI-based surveillance systems utilize AI and machine learning technologies to monitor, analyze, and interpret data from various sensors and cameras. These systems are designed to detect and respond to potential security threats in real-time by automatically recognizing patterns, identifying anomalies, and alerting security personnel to suspicious activities.

In AI data poisoning attacks, adversaries alter sensor data in AI-based surveillance systems to hide certain activities. Data poisoning corrupts the learning process of machine learning models by introducing poisoned data during the training phase. This causes the models to learn incorrect patterns, leading to faulty decision-making during real-time surveillance. By disabling alerts when certain patterns are detected, attackers can bypass systems and exfiltrate data without raising alarms.

In cases where AI systems are used in sectors covered by NIS 2 (e.g., healthcare, energy etc.), entities must comply with both NIS 2 and the AI Act. They must leverage cybersecurity measures to support AI risk management and vice versa. These entities need a holistic approach to compliance, integrating cybersecurity and AI risk management practices.
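The mislabeled-training-data case from Example 2 above can be screened for before training. The following is an added example, not part of the course material: it builds a small constructed set of flow records, flips a few "malicious" labels to "benign", and flags samples whose label disagrees with most of their nearest neighbours. All function names, features and values are assumptions made for illustration.

```python
import math
import random


def make_training_set(seed=7, n_per_class=60, n_flipped=6):
    """Constructed IDS training data. Each flow has two scaled features
    (connection rate, distinct destination ports). Returns the samples and
    the indices whose 'malicious' label was flipped to 'benign'."""
    rng = random.Random(seed)

    def around(cx, cy):
        # Bounded jitter keeps the two classes clearly separated.
        return (cx + rng.uniform(-0.1, 0.1), cy + rng.uniform(-0.1, 0.1))

    samples = [(around(0.2, 0.1), "benign") for _ in range(n_per_class)]
    samples += [(around(0.8, 0.9), "malicious") for _ in range(n_per_class)]
    flipped = set(rng.sample(range(n_per_class, 2 * n_per_class), n_flipped))
    for i in flipped:
        samples[i] = (samples[i][0], "benign")  # the poisoned label
    return samples, flipped


def nearest(samples, point, k, skip=None):
    """Indices of the k samples closest to point (Euclidean), excluding skip."""
    order = sorted(
        (i for i in range(len(samples)) if i != skip),
        key=lambda i: math.dist(samples[i][0], point),
    )
    return order[:k]


def flag_suspect_labels(samples, k=15, min_agreement=0.5):
    """Flag samples whose label is shared by fewer than min_agreement of
    their k nearest neighbours. Flagged samples go to manual review."""
    suspects = set()
    for i, (features, label) in enumerate(samples):
        neighbours = nearest(samples, features, k, skip=i)
        agree = sum(1 for j in neighbours if samples[j][1] == label)
        if agree / k < min_agreement:
            suspects.add(i)
    return suspects


def missed_detections(train, probes):
    """Count probe flows that a 1-nearest-neighbour detector trained on
    `train` would label 'benign'."""
    return sum(
        1 for p in probes if train[nearest(train, p, 1)[0]][1] == "benign"
    )


def run_demo():
    samples, flipped = make_training_set()
    suspects = flag_suspect_labels(samples)
    # Probe flows that match the poisoned samples' features exactly.
    probes = [samples[i][0] for i in sorted(flipped)]
    cleaned = [s for i, s in enumerate(samples) if i not in suspects]
    return {
        "flipped": flipped,
        "suspects": suspects,
        "missed_before": missed_detections(samples, probes),
        "missed_after": missed_detections(cleaned, probes),
    }


if __name__ == "__main__":
    result = run_demo()
    print("flagged for review:", sorted(result["suspects"]))
    print("malicious probes missed, poisoned set:", result["missed_before"])
    print("malicious probes missed, screened set:", result["missed_after"])
```

This check catches flipped labels when the classes are well separated and the poisoned fraction is small. Backdoor samples that carry a trigger pattern with a plausible label need additional controls, such as provenance checks on the training data.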


Course Synopsis.


Introduction.
- The Artificial Intelligence Act Trained Professional (AIActTPro) exam.
- The certificate of completion.


Part 1 - The European Union. Key institutions, the EU legislative process, the roles.
- The decision-making institutions.
- The European Commission, the most important institution for risk and compliance professionals.
- The European Council.
- The Council of the European Union.
- The European Parliament (Brussels / Strasbourg / Luxembourg).
- Legal acts after the Treaty of Lisbon.
- Delegated acts.
- Implementing acts.
- Regulatory technical standards (RTS).
- Implementing technical standards (ITS).
- How does the legislative process work?
- The European Data Protection Supervisor.
- The European Data Protection Board.
- Diplomatic service, Foreign Affairs, Security Policy, Defence.
- The European Network and Information Security Agency (ENISA).
- After NIS and NIS 2.
- The NIS Cooperation Group.
- The High-Level Expert Group on Artificial Intelligence (AI HLEG).
- Ethics Guidelines for Trustworthy AI.
- The European AI Office.


Part 2 - Artificial intelligence, the challenges and the opportunities.
- Machine learning.
- Synthetic Data.
- Machine learning and cybersecurity.
- AI and Prevention.
- AI, Detection and Response.
- Interpretation and risks.
- Case Study. Morgan Stanley, AI and Cybersecurity: A New Era.
- Case Study. Bosch.


Part 3 - Artificial Intelligence in the European legal system.
- Civil Rights, Human Rights, Fundamental Rights.
- Charter of Fundamental Rights of the European Union.
- Legal Obligations, Rights to Compensation, Consumer Rights.
- The Right to Information, the Right to Privacy.
- High-Level Expert Group, Ethics Guidelines for Trustworthy AI (2019).
- Ethics Guidelines for Trustworthy AI.
- 2030 Digital Compass: the European way for the Digital Decade.


Part 4 – The Artificial Intelligence Act.


Chapter 1, General Provisions.
- Article 1, Subject matter.
- Article 2, Scope.
- Article 3, Definitions.
- Article 4, AI literacy.


Chapter 2, Prohibited AI Practices.
- Article 5, Prohibited AI practices.


Chapter 3, High-Risk AI Systems.

Section 1, Classification of AI systems as high-risk.
- Article 6, Classification rules for high-risk AI systems.
- Article 7, Amendments to Annex III.


Section 2, Requirements for high-risk AI systems.
- Article 8, Compliance with the requirements.
- Article 9, Risk management system.
- Article 10, Data and data governance.
- Article 11, Technical documentation.
- Article 12, Record-keeping.
- Article 13, Transparency and provision of information to deployers.
- Article 14, Human oversight.
- Article 15, Accuracy, robustness and cybersecurity.


Section 3, Obligations of providers and deployers of high-risk AI systems and other parties.
- Article 16, Obligations of providers of high-risk AI systems.
- Article 17, Quality management system.
- Article 18, Documentation keeping.
- Article 19, Automatically generated logs.
- Article 20, Corrective actions and duty of information.
- Article 21, Cooperation with competent authorities.
- Article 22, Authorised representatives of providers of high-risk AI systems.
- Article 23, Obligations of importers.
- Article 24, Obligations of distributors.
- Article 25, Responsibilities along the AI value chain.
- Article 26, Obligations of deployers of high-risk AI systems.
- Article 27, Fundamental rights impact assessment for high-risk AI systems.


Section 4, Notifying authorities and notified bodies.
- Article 28, Notifying authorities.
- Article 29, Application of a conformity assessment body for notification.
- Article 30, Notification procedure.
- Article 31, Requirements relating to notified bodies.
- Article 32, Presumption of conformity with requirements relating to notified bodies.
- Article 33, Subsidiaries of notified bodies and subcontracting.
- Article 34, Operational obligations of notified bodies.
- Article 35, Identification numbers and lists of notified bodies.
- Article 36, Changes to notifications.
- Article 37, Challenge to the competence of notified bodies.
- Article 38, Coordination of notified bodies.
- Article 39, Conformity assessment bodies of third countries.


Section 5, Standards, conformity assessment, certificates, registration.
- Article 40, Harmonised standards and standardisation deliverables.
- Article 41, Common specifications.
- Article 42, Presumption of conformity with certain requirements.
- Article 43, Conformity assessment.
- Article 44, Certificates.
- Article 45, Information obligations of notified bodies.
- Article 46, Derogation from conformity assessment procedure.
- Article 47, EU declaration of conformity.
- Article 48, CE marking.
- Article 49, Registration.


Chapter IV, Transparency Obligations for Providers and Deployers of Certain AI Systems.
- Article 50, Transparency obligations for providers and deployers of certain AI systems.


Chapter V, General-Purpose AI Models.

Section 1, Classification rules.
- Article 51, Classification of general-purpose AI models as general-purpose AI models with systemic risk.
- Article 52, Procedure.


Section 2, Obligations for providers of general-purpose AI models.
- Article 53, Obligations for providers of general-purpose AI models.
- Article 54, Authorised representatives of providers of general-purpose AI models.


Section 3, Obligations of providers of general-purpose AI models with systemic risk.
- Article 55, Obligations of providers of general-purpose AI models with systemic risk.


Section 4, Codes of practice.
- Article 56, Codes of practice.


Chapter VI, Measures in Support of Innovation.
- Article 57, AI regulatory sandboxes.
- Article 58, Detailed arrangements for, and functioning of, AI regulatory sandboxes.
- Article 59, Further processing of personal data for developing certain AI systems in the public interest in the AI regulatory sandbox.
- Article 60, Testing of high-risk AI systems in real world conditions outside AI regulatory sandboxes.
- Article 61, Informed consent to participate in testing in real world conditions outside AI regulatory sandboxes.
- Article 62, Measures for providers and deployers, in particular SMEs, including start-ups.
- Article 63, Derogations for specific operators.


Chapter VII, Governance.

Section 1, Governance at Union level.
- Article 64, AI Office.
- Article 65, Establishment and structure of the European Artificial Intelligence Board.
- Article 66, Tasks of the Board.
- Article 67, Advisory forum.
- Article 68, Scientific panel of independent experts.
- Article 69, Access to the pool of experts by the Member States.


Section 2, National competent authorities.
- Article 70, Designation of national competent authorities and single points of contact.


Chapter VIII, EU Database for High-Risk AI Systems.
- Article 71, EU database for high-risk AI systems listed in Annex III.


Chapter IX, Post-Market Monitoring, Information Sharing and Market Surveillance.

Section 1, Post-market monitoring.
- Article 72, Post-market monitoring by providers and post-market monitoring plan for high-risk AI systems.


Section 2, Sharing of information on serious incidents.
- Article 73, Reporting of serious incidents.


Section 3, Enforcement.
- Article 74, Market surveillance and control of AI systems in the Union market.
- Article 75, Mutual assistance, market surveillance and control of general-purpose AI systems.
- Article 76, Supervision of testing in real world conditions by market surveillance authorities.
- Article 77, Powers of authorities protecting fundamental rights.
- Article 78, Confidentiality.
- Article 79, Procedure at national level for dealing with AI systems presenting a risk.
- Article 80, Procedure for dealing with AI systems classified by the provider as non-high-risk in application of Annex III.
- Article 81, Union safeguard procedure.
- Article 82, Compliant AI systems which present a risk.
- Article 83, Formal non-compliance.
- Article 84, Union AI testing support structures.


Section 4, Remedies.
- Article 85, Right to lodge a complaint with a market surveillance authority.
- Article 86, Right to explanation of individual decision-making.
- Article 87, Reporting of infringements and protection of reporting persons.


Section 5, Supervision, investigation, enforcement and monitoring in respect of providers of general-purpose AI models.
- Article 88, Enforcement of the obligations of providers of general-purpose AI models.
- Article 89, Monitoring actions.
- Article 90, Alerts of systemic risks by the scientific panel.
- Article 91, Power to request documentation and information.
- Article 92, Power to conduct evaluations.
- Article 93, Power to request measures.
- Article 94, Procedural rights of economic operators of the general-purpose AI model.


Chapter X, Codes of Conduct and Guidelines.
- Article 95, Codes of conduct for voluntary application of specific requirements.
- Article 96, Guidelines from the Commission on the implementation of this Regulation.


Chapter XI, Delegation of Power and Committee Procedure.
- Article 97, Exercise of the delegation.
- Article 98, Committee procedure.


Chapter XII, Penalties.
- Article 99, Penalties.
- Article 100, Administrative fines on Union institutions, bodies, offices and agencies.
- Article 101, Fines for providers of general-purpose AI models.


Chapter XIII, Final Provisions.
- Article 102, Amendment to Regulation (EC) No 300/2008.
- Article 103, Amendment to Regulation (EU) No 167/2013.
- Article 104, Amendment to Regulation (EU) No 168/2013.
- Article 105, Amendment to Directive 2014/90/EU.
- Article 106, Amendment to Directive (EU) 2016/797.
- Article 107, Amendment to Regulation (EU) 2018/858.
- Article 108, Amendments to Regulation (EU) 2018/1139.
- Article 109, Amendment to Regulation (EU) 2019/2144.
- Article 110, Amendment to Directive (EU) 2020/1828.
- Article 111, AI systems already placed on the market or put into service and general-purpose AI models already placed on the market.
- Article 112, Evaluation and review.
- Article 113, Entry into force and application.


Part 5 – The Framework for AI Cybersecurity Practices (FAICP framework).
- The Framework from the European Union Agency for Cybersecurity (ENISA).


Layer I (cybersecurity foundations).
- 1. Security management of the ICT infrastructure hosting AI systems.
- 2. Security management.
- 3. Cybersecurity certification.
- 4. Cybersecurity legislation and policies that affect AI systems.


Layer II (AI-specific).
- 1. AI legislation.
- 2. Types of AI.
- 3. AI assets and procedures.
- 4. AI threat assessment.
- 5. AI security management.
- 6. AI-related standards.
- 7. Ethical and trustworthy AI.
- 8. Tools.
- 9. Networks and initiatives.


Layer III (Sectoral AI).
- Energy.
- Health.
- Automotive.
- Telecommunications.


Part 6 – Introduction to the NIST Artificial Intelligence Risk Management Framework (AI RMF).
- The US National Artificial Intelligence Initiative Act of 2020.
- AI RMF 1.0.
- Artificial Intelligence Risk Management.
- Part 1: Foundational Information.
- Part 2: Core and Profiles.
- The GOVERN function.
- The MAP function.
- The MEASURE function.
- The MANAGE function.
- AI RMF Profiles.


Part 7 – Other EU Directives and Regulations.
1. The NIS 2 Directive.
2. The Digital Operational Resilience Act (DORA).
3. The Critical Entities Resilience Directive (CER).
4. The Digital Services Act (DSA).
5. The Digital Markets Act (DMA).
6. The European Health Data Space (EHDS).
7. The European Chips Act.
8. The European Data Act.
9. The European Data Governance Act (DGA).
10. The EU Cyber Solidarity Act.
11. The Digital Networks Act (DNA).
12. The European Cyber Resilience Act.
13. The European ePrivacy Regulation.
14. The European Digital Identity Regulation.
15. The European Media Freedom Act (EMFA).
16. The Corporate Sustainability Due Diligence Directive (CSDDD).


Part 8 – European Commission, guidelines for providers of general-purpose AI models (18.7.2025), important parts.
Note: There are no exam questions from this part of the program.
- Understanding the floating-point operation.
- Understanding the number of floating-point operations per second (FLOPS), the benchmark.
- The two thresholds.
- 10²³ FLOPs is the threshold for General-Purpose AI (GPAI). It is the lower threshold to identify whether a model might be considered a general-purpose AI model (GPAI).
- 10²⁵ FLOPs is the threshold for Systemic Risk for GPAI. If a GPAI model was trained with more than 10²⁵ FLOPs, the AI Act presumes it carries systemic risk.

Closing remarks.



Become an Artificial Intelligence Act Trained Professional (AIActTPro)

This is a Distance Learning with Certificate of Completion program, provided by Cyber Risk GmbH. The General Terms and Conditions for all legal transactions made through the Cyber Risk GmbH websites (hereinafter “GTC”) can be found at: https://www.cyber-risk-gmbh.com/Impressum.html

Each Distance Learning with Certificate of Completion program (hereinafter referred to as “distance learning program”) is provided at a fixed price, that includes VAT. There will be no additional costs, now or in the future, for any reason.

We will send the distance learning program via email up to 24 hours after the payment (working days). Please remember to check the spam folder of your email client too, as emails with attachments often land in the spam folder.

You have the option to ask for a full refund up to 60 days after the payment. If you do not want one of our distance learning programs for any reason, all you must do is send us an email, and we will refund the payment, no questions asked.

Your payment will be received by Cyber Risk GmbH (Dammstrasse 16, 8810 Horgen, Switzerland, Handelsregister des Kantons Zürich, Firmennummer: CHE-244.099.341). Cyber Risk GmbH will also send the certificates of completion to all persons that will pass the exam.

The all-inclusive cost is 297 USD (US Dollars).


First option: You can purchase the Artificial Intelligence Act Trained Professional (AIActTPro) program with VISA, MASTERCARD, AMEX, Apple Pay, Google Pay etc.







Second option: QR code payment.

i. Open the camera app or the QR app on your phone.

ii. Scan the QR code and possibly wait for a few seconds.

iii. Click on the link that appears, open your browser, and make the payment.





Third option: You can purchase the Artificial Intelligence Act Trained Professional (AIActTPro) program with PayPal

You will be redirected to the PayPal web site.




What is included in the cost of the distance learning program:


A. The official presentations (1705 slides).

The presentations are effective and appropriate to study online or offline. Busy professionals have full control over their own learning and are able to study at their own speed. They are able to move faster through areas of the course they feel comfortable with, but slower through those that they need a little more time on.


B. Up to 3 online exam attempts per year.

Candidates must pass only one exam. If they fail, they must study the official presentations and retake the exam. Candidates are entitled to 3 exam attempts every year.

If candidates do not achieve a passing score on the exam the first time, they can retake the exam a second time.

If they do not achieve a passing score the second time, they can retake the exam a third time.

If candidates do not achieve a passing score the third time, they must wait at least one year before retaking the exam. There is no additional cost for additional exam attempts. To learn more, you may visit: https://www.artificial-intelligence-act.com/Distance_Learning_Programs_Exam_Certificate_of_Completion.pdf


C. The certificate of completion, with a scannable QR code for verification.

You will receive your certificate via email in Adobe Acrobat format (pdf), with a scannable QR code for verification, 7 business days after you pass the exam. A business day refers to any day in which normal business operations are conducted (in our case Monday through Friday), excluding weekends and public holidays.



D. Cyber Risk GmbH will develop a web page dedicated to each certified professional (https://www.cyber-risk-gmbh.com/Your_Name.htm).

When third parties scan the QR code on your certificate, they will visit this web page (https://www.cyber-risk-gmbh.com/Your_Name.htm), and they will be able to verify that you are a certified professional, and your certificates are valid and legitimate.

In this web page we will have your name, all the certificates you have received from us, and pictures of your certificates.

This is an example: https://www.cyber-risk-gmbh.com/Monika_Meier_AIActTPro.html

You can print your certificate that you will receive in Adobe Acrobat format (pdf). With the scannable QR code, all third parties can verify the authenticity of each certificate in a matter of seconds. Professional certificates are some of the most frequently falsified documents. Employers and third parties need an easy, effective, and efficient way to check the authenticity of each certificate. QR code verification is a good response to this demand.



Frequently Asked Questions for the distance learning programs.


1. I want to know more about Cyber Risk GmbH.


“Cyber Risk GmbH” is a company incorporated in Switzerland.
Registered address: Dammstrasse 16, 8810 Horgen, Switzerland.
Company number: CHE-244.099.341.
Cantonal Register of Commerce: Canton of Zürich.
Swiss VAT number: CHE-244.099.341 MWST.
EU VAT number: EU276036462. Cyber Risk GmbH is registered for EU VAT purposes in Germany (Bundeszentralamt für Steuern, One-Stop-Shop, Nicht EU-Regelung) for the sale of services in the EU. Cyber Risk GmbH declares and pays EU VAT in a single electronic quarterly return submitted to Germany, and the German Bundeszentralamt für Steuern forwards the EU VAT due to each member State of the EU.


Cyber Risk GmbH was founded in Horgen, Switzerland, by George Lekatis, a well-known expert in risk and compliance management. The company specializes in providing advanced cybersecurity, risk, and compliance training, helping organizations navigate and implement complex European, U.S., and international cybersecurity regulations. Additionally, Cyber Risk GmbH supports professionals in completing online training programs, passing exams, and obtaining Certificates of Completion, which serve as independent verification of their expertise for firms and organizations.

George Lekatis serves as the General Manager of Compliance LLC, a company incorporated in Wilmington, NC, with offices in Washington, DC. Compliance LLC provides risk and compliance management training in 58 countries. Several of its business units function as highly successful associations, offering a wide range of services to their members, including membership programs, regular updates (weekly or monthly), specialized training, and certification.

George is also the president of the International Association of Risk and Compliance Professionals (IARCP, https://www.risk-compliance-association.com). He leads the team responsible for developing and maintaining the Certified Risk and Compliance Management Professional (CRCMP) program. The CRCMP certification is widely regarded as a preferred credential by companies and organizations. For more information on the demand for CRCMPs, you may visit: https://www.risk-compliance-association.com/CRCMP_Jobs_Careers.pdf



Other business units of Compliance LLC:

- The Sarbanes-Oxley Compliance Professionals Association (SOXCPA), the largest Association of Sarbanes-Oxley professionals in the world. You may visit: https://www.sarbanes-oxley-association.com

- The Basel iii Compliance Professionals Association (BiiiCPA), the largest association of Basel iii Professionals in the world. You may visit: https://www.basel-iii-association.com

- The Solvency II Association, the largest association of Solvency II professionals in the world. You may visit: https://www.solvency-ii-association.com

Our instructors are professionals with extensive, real-world experience in their respective fields. They are equipped to deliver full-time, part-time, or short-form programs, all customized to suit your specific requirements. Beyond teaching, our instructors provide hands-on guidance, offering real-world insights that help bridge the gap between theory and practice. You will always be informed ahead of time about the instructor leading your program.



“Cyber Risk GmbH Training Programs” are training programs developed, updated and provided by Cyber Risk GmbH, and include:
a) In-House Instructor-Led Training programs,
b) Online Live Training programs,
c) Video-Recorded Training programs,
d) Distance Learning with Certificate of Completion programs.


“Cyber Risk GmbH websites” are all websites that belong to Cyber Risk GmbH, and include the following:


a. General, Sectors, Industries.

1. Hybrid Risk

2. Hybrid Risk Management

3. Hybrid Stress Testing

4. Defensive Hybrid Intelligence (DHI)

5. Cognitive Intelligence (COGINT)

6. Legal Intelligence (LEGINT)

7. Algorithmic and AI Intelligence (ALGINT)

8. Synthetic Cognitive Intelligence (SCINT)

9. Hybrid Resilience Initiative (HRI)

10. Cyber Risk GmbH

11. Social Engineering Training

12. Healthcare Cybersecurity

13. Airline Cybersecurity

14. Railway Cybersecurity

15. Maritime Cybersecurity

16. Oil Cybersecurity

17. Electricity Cybersecurity

18. Gas Cybersecurity

19. Hydrogen Cybersecurity

20. Transport Cybersecurity

21. Hotel Cybersecurity

22. Sanctions Risk

23. American Privacy Rights Act of 2024 (APRA)

24. Travel Security

25. Risk management, what is different in Switzerland


b. Understanding Cybersecurity.

1. What is Disinformation?

2. What is Steganography?

3. What is Cyberbiosecurity?

4. What is Synthetic Identity Fraud?

5. What is a Romance Scam?

6. What is Quantum Risk Management?

7. What is Cyber Espionage?

8. What is Sexspionage?


c. Understanding Cybersecurity in the European Union.

1. The NIS 2 Directive

2. The Digital Operational Resilience Act (DORA)

3. The Critical Entities Resilience Directive (CER)

4. The European Data Act

5. The European Data Governance Act (DGA)

6. The European Cyber Resilience Act (CRA)

7. The Digital Services Act (DSA)

8. The Digital Markets Act (DMA)

9. The European Chips Act

10. The Artificial Intelligence Act

11. The Artificial Intelligence Liability Directive

12. The Framework for Artificial Intelligence Cybersecurity Practices (FAICP)

13. The EU Cyber Solidarity Act

14. The Digital Networks Act (DNA)

15. The European ePrivacy Regulation

16. The European Digital Identity Regulation

17. The European Media Freedom Act (EMFA)

18. The Corporate Sustainability Due Diligence Directive (CSDDD)

19. The Systemic Cyber Incident Coordination Framework (EU-SCICF)

20. The European Health Data Space (EHDS)

21. The European Financial Data Space (EFDS)

22. The Financial Data Access (FiDA) Regulation

23. The Payment Services Directive 3 (PSD3), Payment Services Regulation (PSR)

24. The Internal Market Emergency and Resilience Act (IMERA)

25. The Digital Fairness Act

26. The European Cyber Defence Policy

27. The Strategic Compass of the European Union

28. The European Space Law (EUSL)

29. The European Space Act

30. The EU-US Data Privacy Framework

31. The European Cloud and AI Development Act

32. The European Quantum Act

33. The EU Biotech Act

34. The EU Cyber Diplomacy Toolbox



2. Is there any discount available for the distance learning programs?

We do not offer a discount for your first program. You receive a $100 discount on your second and each additional program.

After you purchase the Artificial Intelligence Act Trained Professional (AIActTPro) program at $297, you can purchase:

a. The Digital Operational Resilience Act Trained Professional (DORATPro) program at $197. You can find more about the program at: https://www.digital-operational-resilience-act.com/Digital_Operational_Resilience_Act_Trained_Professional_(DORATPro).html .

b. The NIS 2 Directive Trained Professional (NIS2DTP) program at $197. You can find more about the program at: https://www.nis-2-directive.com/NIS_2_Directive_Trained_Professional_(NIS2DTP).html .

c. The Digital Services Act Trained Professional (DiSeActTPro) program at $197. You can find more about the program at: https://www.eu-digital-services-act.com/DiSeActTPro_Training.html.

d. The Digital Markets Act Trained Professional (DiMaActTPro) program at $197. You can find more about the program at: https://www.eu-digital-markets-act.com/DiMaActTPro_Training.html.

e. The Data Governance Act Trained Professional (DatGovActTP) program at $197. You can find more about the program at: https://www.european-data-governance-act.com/DatGovActTP_Training.html.

f. The European Chips Act Trained Professional (EChipsActTPro) program at $197. You can find more about the program at: https://www.european-chips-act.com/European_Chips_Act_Trained_Professional_(EChipsActTPro).html .

g. The Data Act Trained Professional (DataActTPro) program at $197. You can find more about the program at: https://www.eu-data-act.com/Data_Act_Trained_Professional_(DataActTPro).html .

To receive the URL for the discounted cost for your second and each additional program, please send us an email with the title: “Please send me the URL for the discounted cost.”

In the email, please let us know:

a. The name and email address of the person or legal entity that purchased the first program.

b. The program you want to purchase now at $197 instead of $297.

You will receive the URL for the discounted cost for your second and each additional program in less than 48 hours (working days). Please remember to check your spam folder too.



3. Are there any entry requirements or prerequisites required for enrolling in the training programs?

There are no entry requirements or prerequisites for enrollment in our programs. We believe that learning should be accessible to everyone, regardless of their background, academic credentials, or professional experience. In contrast to providers that set stringent prerequisites or entry barriers, our approach prioritizes accessibility and openness. We do not believe that the opportunity to learn and grow should be limited by prior qualifications. Whether you're just beginning your career, changing paths, or expanding your expertise, our programs are designed to support individuals at all levels. Each course provides a clear and structured learning path, allowing individuals at all levels to gain valuable insights, and build practical skills. Our approach empowers motivated learners from different industries and career stages to gain value and opportunity from the program.



4. I want to learn more about the exam.

You can take the exam online from your home or office, in all countries.

It is an open book exam. Risk and compliance management is something you must understand and learn, not memorize. You must acquire knowledge and skills, not commit something to memory.

You will be given 90 minutes to complete a 35-question exam. You must score 70% or higher.

The exam contains only questions that have been clearly answered in the official presentations.

All exam questions are multiple-choice, composed of two parts:

a. A stem (a question asked, or an incomplete statement to be completed).

b. Four possible responses.

In multiple-choice questions, you must not look for a correct answer; you must look for the best answer. Cross out all the answers you know are incorrect, then focus on the remaining ones. Which is the best answer? With this approach, you save time, and you greatly increase the likelihood of selecting the correct answer.

TIME LIMIT - This exam has a 90-minute time limit. You must complete this exam within this time limit, otherwise the result will be marked as an unsuccessful attempt.

BACK BUTTON - When taking this exam you are NOT permitted to move backwards to review/change prior answers. Your browser back button will refresh the current page instead of moving backward.

RESTART/RESUME - You CANNOT stop and then resume the exam. If you stop taking this exam by closing your browser, your answers will be lost, and the result will be marked as an unsuccessful attempt.

SKIP - You CANNOT skip answering questions while taking this exam. You must answer all the questions in the order the questions are presented.

When you are ready to take the exam, you must follow the steps described at "Question h. I am ready for the exam. What must I do?", at:

https://www.artificial-intelligence-act.com/Distance_Learning_Programs_Exam_Certificate_of_Completion.pdf



5. How comprehensive are the presentations? Are they just bullet points?

The presentations are not collections of bullet points. They are thoughtfully structured, in-depth learning materials designed to provide clear explanations, context, and real-world relevance. Unlike slide decks that rely on brief summaries, our presentations guide you through each concept in a comprehensive and engaging manner. They are highly effective for both online and offline study, making them ideal for professionals who value substance and flexibility in their learning experience.



6. Do I need to buy books to pass the exam?

No. If you study the presentations, you can pass the exam. All the exam questions are clearly answered in the presentations. If you fail the first time, you must study more. You can:

- Highlight key terms and sections to help you focus during review.
- Add digital sticky notes (just like Post-it notes) anywhere in the document to remind yourself where specific answers or explanations are.
- Underline or circle text using freehand drawing tools.
- Add bookmarks to easily navigate to important sections.
- Search each document using keywords to quickly find what you need.



7. Is it an open book exam? Why?

Yes, it is an open book exam. Risk and compliance management is a field that requires deep understanding, critical thinking, and the ability to apply principles in real-world situations, not simply the ability to memorize facts. The goal of our certification programs is to help you build lasting knowledge and practical skills that you can confidently use in your professional role.

In real-life scenarios, risk and compliance professionals have access to regulations, frameworks, and reference materials, and are expected to use them thoughtfully. Our open book exam reflects this reality by assessing your comprehension and ability to apply what you've learned, rather than testing your memory.



8. Do I have to take the exam soon after receiving the presentations?

No, there is no fixed exam date. You may take the exam at any time that suits you within four (4) years from the date of your payment. Your access to the training materials, including any future updates, will remain available to you at no additional cost during this four-year period.

Cyber Risk GmbH reserves the right to amend the General Terms and Conditions (GTC) at any time. Any changes will become effective upon publication on our websites, and will apply exclusively to training programs purchased after the date of modification.

For our distance learning and online certification programs, the General Terms and Conditions (GTC) in effect at the time of purchase shall apply for a period of four (4) years from the date of payment. After the expiry of this four-year period, the participant’s access to the program and the right to take the exam shall expire. Any future participation in the program shall require a new enrollment and will be subject to the General Terms and Conditions in force at that time.

Cyber Risk GmbH may, at its sole discretion, extend the four-year period for individual participants or for a group of participants. Such an extension is a voluntary option of Cyber Risk GmbH and shall not create any obligation, entitlement, or precedent for future cases.



9. Do I have to spend more money in the future to keep my certificate of completion valid?

No. Your certificate of completion is issued with lifetime validity and does not expire. There are no renewal fees, no hidden costs, and no requirement to retake the exam in the future. Once certified, you remain certified.



10. Ok, the certificate of completion never expires, but things change.

Things do change. While many organizations introduce mandatory recertification as a recurring revenue stream, we’ve taken a different approach. Although we were advised to "introduce multiple recurring revenue streams to keep business flowing", we made a conscious decision to prioritize long-term value for our clients over short-term profit. That’s why no recertification is required for our programs.

Instead, we are committed to keeping you informed and up to date, at no cost. We invite you to visit our Reading Room each month and explore our newsletter, where you’ll find valuable insights, regulatory updates, timely alerts, and new opportunities. This ongoing access ensures you remain current and well-informed in a dynamic and constantly evolving field.

Our newsletter is the most extensive monthly cybersecurity and compliance intelligence report available anywhere worldwide. This is a curated report for decision-makers, executives, and security professionals who cannot afford blind spots. Our extensive editorial provides expert analysis on the most pressing cyber, regulatory, and geopolitical risks impacting businesses today. Busy professionals don’t avoid long reports, they avoid reports that waste their time. You may visit:

https://www.cyber-risk-gmbh.com/Reading_Room.html



11. What is your refund policy?

Cyber Risk GmbH maintains a clear and customer-friendly refund policy. You are entitled to request a full refund within 60 days of your payment, no questions asked. If, for any reason, you decide that one of our programs or services is not right for you, simply send us an email within this 60-day window.

Once we receive your request, we will process your refund within one business day. There are no forms to fill out, no explanations required, and no delays. Our goal is to provide a risk-free and stress-free experience.



12. I want to receive a printed certificate. Can you send me one?

Unfortunately, we do not issue printed certificates. Instead, you will receive your official certificate via email in Adobe Acrobat (PDF) format, which includes a scannable QR code for instant verification. Certificates are issued within 7 business days after you pass the exam. Please note that business days refer to Monday through Friday, excluding weekends and public holidays.

To ensure authenticity and transparency, the association creates a dedicated web page for each certified professional (cyber-risk-gmbh.com/Your_Name.html). This page will include your full name, a list of all certificates you have earned from us, and images of your certificates.

When a third party scans the QR code on your certificate, they are directed to your personalized verification page. This allows employers, clients, and other stakeholders to easily confirm that your certification is valid, current, and legitimately issued.

Professional certificates are among the most frequently falsified documents. Providing a secure, scannable QR code with direct access to official verification offers a fast, reliable, and efficient solution. You may also print your certificate from the PDF file at any time, with the embedded QR code ensuring instant and reliable validation.



13. Why should I choose your training programs?

I. Recognition and Credibility: Cyber Risk GmbH is trusted by professionals and organizations around the world (please look below, "Cyber Risk GmbH, some of our clients"). Our specialized training programs help participants master complex cybersecurity, risk, and compliance requirements and demonstrate their competence through examination. Our clients include leading companies and organizations. Their trust in our programs reflects the high standards of quality, accuracy, and professionalism that define every Cyber Risk GmbH training program.


II. Flexible and Convenient Learning: Our training programs are designed with flexibility in mind. Participants can access course materials and complete the exam anytime, from anywhere. This is especially beneficial for professionals with demanding schedules who need to learn at their own pace.


III. Affordable, All-Inclusive Pricing: Each program is offered at a low, all-inclusive price. There are no hidden fees or additional costs, now or in the future, for any reason.


IV. Discounts on Additional Programs: When you enroll in a second program, you receive a $100 discount. This means the all-inclusive cost for your second (and every additional) program is $197 (compared to the regular price of $297). There are no hidden fees or recurring charges.


V. Multiple Exam Attempts Included: Each program includes up to three exam attempts per year at no additional cost, as outlined above.


VI. No Recertification Required: Your certificates are issued with lifetime validity. No recertification is required, and your credentials will not expire.


VII. Potential for Career Advancement and Industry Recognition: There is a clear and growing demand for qualified professionals in risk and compliance management. Trained managers and employees are often recognized by employers, may enjoy broader career opportunities, and may be preferred for promotions or new roles. Specialized training and Certificates of Completion demonstrate your commitment to continuous learning.

However, it’s important to note that no training can guarantee a new or better job. Career advancement depends on many factors, including supply and demand, market conditions, and timing. Training is important, but it is only a part of a larger professional development journey.


VIII. The fit and proper requirement in regulations: Firms and organizations hire and promote fit and proper professionals who can provide evidence that they are qualified. Employers need assurance that managers and employees have the knowledge and skills needed to mitigate risks and accept responsibility. Supervisors and auditors ask for independent evidence that professionals are qualified, and that controls can operate as designed, because the persons responsible for these controls have the necessary knowledge and experience.


IX. Increased Earning Potential: Professionals who invest in gaining new skills may become eligible for higher-paying roles. Training and ongoing professional development may significantly enhance your earning potential and contribute to long-term career success. However, it’s important to understand that increased earnings are not guaranteed. Compensation and career advancement depend on various factors. Training is a valuable tool, but not a guarantee on your path to career growth.


Cyber Risk GmbH, some of our clients