Executive Insights: Compliance and Legal Risk in the DACH Region

As part of our Executive Insights series, we speak with experienced leaders who operate at the intersection of business, risk, and transformation.

In this edition, we spoke with Claudius Bingel, Legal Counsel, about how compliance and legal risk are evolving across the DACH region—and where companies are most exposed today. 

His perspective reflects what many CEOs and General Counsels are currently facing: increasing regulatory pressure, fragmented ownership, and growing expectations driven by international business relationships. 

Where Compliance Risks Are Emerging Today

Question: Where do you currently see the biggest compliance and legal risks emerging for mid-sized to large companies in the DACH region?

Claudius Bingel:

“The biggest compliance risks in the DACH region are data governance, cyber readiness, sanctions, export controls, and the rapidly increasing governance expectations surrounding AI.

In Switzerland, cyber pressure remains high. Even if a Swiss company is not directly regulated, the requirements are passed on through the supply chain, especially regarding AI, cybersecurity, and sustainability reporting.

For Swiss companies doing business with the EU, the practical risk is often not the first intervention by a Swiss regulator, but rather losing business because expectations regarding contracts, audits, and due diligence change faster than internal processes can adapt.”

What Breaks Inside Organizations

Question: In your experience, what typically breaks down inside organizations when compliance requirements increase?

Claudius Bingel:

“Ownership is usually the first thing to break down. Everyone says compliance matters, but no one clearly owns the decision-making process, the budget, or the operational follow-through.

In SMEs in particular, legal, IT, HR, procurement, and sales each hold part of the risk. As requirements increase, handoffs fail, records become incomplete, and management is given a false sense of security by policies that are not actually embedded in the business.

The second breakdown occurs in documentation discipline. Companies often cannot demonstrate how they assessed risk, approved exceptions, trained staff, or monitored third parties.”

Interim Leadership vs External Counsel

Question: When companies face urgent regulatory change or investigations, what distinguishes effective interim legal leadership from external advisory support?

Claudius Bingel:

“Effective interim legal leadership is internal and makes real-time decisions.

External advisers are essential for specialist analysis, privilege strategy, and regulator-facing positions, but they typically do not oversee internal prioritization, stakeholder alignment, or day-to-day execution. 

A strong interim General Counsel or Head of Legal/Compliance creates a single control room where facts are gathered quickly, reporting lines are clear, and management receives decision-ready options rather than long memos.

In my experience, this internal leadership layer prevents regulatory stress from turning into organizational paralysis.”

What Companies Should Prepare for Now

Question: Looking ahead, what should CEOs and General Counsels prepare for in the next 12–24 months?

Claudius Bingel:

“Companies should prepare for more stringent expectations regarding AI governance, cyber incident management, data usage, sanctions screening, and cross-border customer due diligence.

Switzerland is taking a sector-based AI approach, while the EU continues refining the AI Act. Companies should not wait for perfect legal certainty before establishing governance.

I recommend three immediate steps:

• Map where AI and sensitive data are used 

• Test incident escalation and documentation procedures 

• Identify EU-driven obligations entering through contracts, tenders, and group policies 

Companies that avoid bottlenecks are not the ones with the longest rulebooks, but the ones that know their risk inventory, have designated owners, and can quickly produce evidence.”

Closing Perspective

What emerges clearly from this discussion is that compliance challenges are no longer primarily legal questions.

They are organizational execution challenges.

For many companies, the issue is not understanding regulatory requirements—but ensuring that ownership, coordination, and documentation hold under pressure.

This is where experienced, embedded leadership becomes critical.

About the Series

The Executive Insights series features conversations with senior leaders across industries, focusing on how companies navigate complexity, transformation, and risk in real operating environments.