Impacted by a New Regulation
A new law hits a company's sector — every affected business needs the same solutions before the same deadline.
A new law hits a company's sector — every affected business needs the same solutions before the same deadline.
A new regulation just landed on a sector: the EU AI Act on anyone shipping AI features, DORA on financial firms and their IT suppliers, CSRD on mid-size companies that never wrote a sustainability report, NIS2 on operators of anything deemed essential. Unlike every other signal in this library, this one doesn't fire for a single company. It fires for a market.
Each in-scope company now has the same to-do list and the same non-negotiable date, written into law, with fines attached for missing it.
Regulation is the only force that makes thousands of companies buy the same thing at the same time. There's no need to create urgency; parliament did that. There's no budget objection that survives a statutory penalty. And the scope criteria are published, so your addressable list isn't a guess, it's in the legislation: these sectors, above this headcount, by this date.
The window has a rhythm worth respecting. Gap assessments and consultant engagements start 12 to 24 months out. Tooling and vendor selection happen in the middle. The final stretch is implementation, when evaluation is over. Selling early means shaping requirements; selling late means fighting over stragglers. And after the deadline, the first enforcement actions reliably reopen wallets sector-wide. Individual companies' own compliance milestones, like earns GDPR compliance, tell you who's already moving.
Segment the in-scope list by deadline and visible readiness, then write to the obligation, not the trend.
A cybersecurity vendor selling into DORA might message a mid-size insurer's CISO: "DORA's ICT incident reporting rules apply to you from January, and the 24-hour initial notification window is the part that breaks manual processes. We've built the classification-and-reporting workflow against the regulatory technical standards, three insurers your size are live on it. Worth comparing against your current incident runbook before the board asks for the readiness report?"
Citing the specific article, deadline, and entity type does the qualification for them. Generic "are you ready for [regulation]" mail gets deleted; mail that demonstrates you've read the law gets forwarded to whoever owns the problem.
DORA and NIS2 turned security controls into legal obligations for banks, insurers, utilities, and their suppliers. Incident reporting within 24 hours, resilience testing, board accountability. Map the in-scope entities in your territory and sell against the article numbers.
13 more signals for security & complianceCSRD obligates thousands of companies to produce audited sustainability reports on a phased timetable. Each company's first reporting year is public information, which means your prospect list comes with deadlines attached. Work it in deadline order.
13 more signals for security & complianceEvery major regulation triggers a gap-assessment wave: what applies to us, what do we lack, what will it cost. That engagement lands 12 to 18 months before the deadline. Publish the readiness framework early and the assessments come to you.
13 more signals for security & complianceThe EU AI Act gives providers of high-risk systems concrete duties: risk management, logging, technical documentation, conformity assessment. Companies with AI in hiring, credit, or medical products know they're in scope and are budgeting now.
13 more signals for security & complianceNew regulations create training mandates: staff must be trained, and the training must be evidenced. It's the fastest line item to approve in any compliance budget, and it renews annually. Sector-specific content beats generic every time.
9 more signals for training & enablementIn the first year of a major regulation, interpretation is the product: what counts as an 'essential entity', which AI systems are 'high-risk'. Firms that publish clear guidance early become the default counsel for the whole implementation wave.
8 more signals for legal & privacyClearcue watches for impacted by a new regulation and every other signal in this library — and hands you the people behind them.