News

Subject: Information System Science

Title: Adapting to Regulation: The EU AI Act’s Influence on AI Adoption in Dutch Banking

Abstract: 

The European Union Artificial Intelligence Act (EU AI Act) aims to regulate the use and adoption of AI systems across various sectors, including banking. The EU AI Act introduces compliance requirements and addresses high-risk AI systems to ensure ethical AI usage in organisations. Despite theoretical discussions, there is still a lack of empirical evidence on the effects of the EU AI Act on AI adoption. This raises questions about how Dutch banks can succesfully adopt AI while achieving regulatory compliance. This study investigates the influence of the EU AI Act on the adoption of artificial intelligence (AI) within the Dutch banking sector, through compliance and innovation strategies. The research explores the challenges Dutch banks face in adapting to the EU AI Act. It highlights key areas such as compliance strategies, AI literacy, innovation, and the balance between regulation and innovation. A comprehensive literature review is conducted, followed by thematic analysis of collected data from 12 semi-structured interviews. The study identifies significant themes including varying stakeholder perceptions of the EU AI Act, the importance of AI literacy for compliance and competitive advantage, and innovative practices amid regulatory constraints. To overcome those challenges, the study recommends establishing clear AI literacy initiatives and inventory systems. Moreover, the integration of specialized compliance-focused roles in banks can further support adherence to the EU AI Act. Furthermore, the study provides empirical insights into the EU AI Act’s influence, understanding its impact on compliance and innovation strategies in the banking sector. Ultimately, the study highlights the importance to balance compliance with the EU AI Act and stimulate AI innovation for Dutch banks, remaining competitive within the strict regulatory landscape. Future research directions are suggested to explore ongoing developments in AI governance and its impact across different banking sectors and geographical locations.

Key words: EU AI Act, AI systems, Dutch banking sector, compliance strategies, AI adoption, innovation, regulatory challenges

Subject: Information System Science

Title: Enhancing cybersecurity awareness strategies to comply with ISO 27001:2022

Abstract: 

This thesis presents a case study of ICT Group aimed at enhancing cybersecurity awareness throughout the organization by developing a role-based strategy aligned with the ISO 27001:2022 standard. Through a multi-method research approach, including literature review, organizational analysis, benchmarking, and data collection via interviews, surveys, and incident reports, the study identifies critical gaps in the current one-size-fits-all awareness program. The findings demonstrate the need for tailored, role-specific training that addresses the unique cybersecurity risks associated with different employee functions.
A comprehensive, modular awareness strategy is proposed, featuring detailed role-risk mapping, targeted training plans, and the integration of Learning Management Systems (LMS) to support scalable and engaging learning experiences. The strategy further incorporates the appointment of cybersecurity champions, a centralized communication platform, continuous microlearning, and a metrics-driven evaluation framework to monitor effectiveness and promote continuous improvement.
The LMS options were evaluated, recommending Docebo for its scalability and robust role-based capabilities, with Moodle and Nerds & Company as alternative solutions based on organizational needs. Finally, a phased implementation roadmap is outlined to guide ICT Group in transitioning to a sustainable, scalable, and ISO-aligned cybersecurity awareness program that fosters a proactive security culture.

Key words: Cybersecurity, Awareness improvement, cybersecurity awareness strategy

Subject: Information System Science

Title: Understanding Knowledge Platform Adoption in a Large Industrial Organization: A Multi-Layered Case Study

Abstract: 

This thesis investigates the factors influencing employees’ willingness to engage with a knowledge management platform within a large multinational industrial organization. Based on a six-month field immersion and a department-level case study, the research combines qualitative interviews and a structured survey to examine how organizational framing, behavioral motivation, and technological usability interact to shape platform adoption. The findings reveal that while interpersonal trust and technical access were present, engagement remained limited due to weak strategic framing, lack of managerial modeling, and persistent usability frictions. The concept of latent disengagement is introduced to describe this passive yet non-resistant pattern of underuse.
The thesis makes a theoretical contribution by integrating insights from affordance theory, symbolic framing, and motivation psychology to explain voluntary system use. Practical recommendations include reinforcing symbolic legitimacy, simplifying usability, and establishing feedback loops to support sustained engagement with knowledge-sharing platforms in complex organizational contexts.

Key words: knowledge sharing, digital platforms, user engagement, knowledge management systems adoption

Subject: Information System Science

Title: Evaluating and optimizing productivity of Generative Artificial Intelligence in organizational projects

Abstract: 

As Generative Artificial Intelligence (GenAI) continuous to evolve, its integration into organizational workflows present both significant opportunities and complex challenges. While GenAI has demonstrated potential to enhance productivity through automation, decision-making and content generation, organizations struggle to reliably assess its impact. This research investigates how the productivity of GenAI can be accurately assessed and optimized within service-oriented projects.
The research employs a qualitative design, combining a Systematic Literature Review, semi-structured interviews, and multiple case studies. The findings reveal that although GenAI can significantly reduce task completion time and improve output quality, its productivity gains are often inconsistently measured. Metrics are used sporadically and lack standardization, moreover the effectiveness of GenAI varies across business context and organizational maturity.
To address these challenges, the study introduces the Generative Productivity & Impact Model (G-PIM), a multidimensional framework consisting of five dimensions: strategic impact, operational performance, human-centric outcomes, governance and risk and contextual adaptability. This model provides a holistic view of GenAI’s contribution to business value, emphasizing both direct and indirect productivity indicators.
This paper emphasizes the importance of establishing standardized productivity metrics, aligning KPIs with strategic objectives and adopting outcome-based pricing models to accurately assess and optimize the impact of GenAI. Furthermore, fostering organizational readiness and embedding robust governance structures are essential to ensure responsible, scalable, and value-driven GenAI deployment.
This research contributes to academic literature by bridging theoretical insights with practical implications, offering actionable recommendations for organizations seeking to leverage GenAI effectively. It also lays the foundation for future research on long-term impacts, human-AI collaboration, and the development of adaptive performance metrics in rapidly evolving technological landscapes.

Key words: Generative Artificial Intelligence (GenAI), productivity, Key Performance Indicators (KPI), organizational performance, business value.

Subject: Proactive third-party cybersecurity monitoring in the financial sector under DORA

Title: Cybersecurity risk management in outsourcing: a proactive approach to third-party monitoring under DORA

Abstract: 

In today’s digital landscape, organizations increasingly rely on third-party service providers for critical IT functions. While this dependence enhances operational efficiency, it also introduces significant cybersecurity risks. In response to the rise in cyber-attacks and the need for stronger digital resilience in the financial sector, the European Union introduced the Digital Operational Resilience Act (DORA), which from January 17, 2025, mandates all financial entities and third-party ICT providers to strengthen their IT security and ensure resilience against cyber threats. Although DORA outlines key responsibilities for third-party risk management, it lacks concrete guidance on how financial entities should monitor their outsourcing partners, leaving a gap that neither academic literature nor current industry practices have yet adequately addressed. This study addresses that gap by identifying practical barriers to effective third-party monitoring and proposing structured, forward-looking steps for improving oversight in line with DORA. Using a qualitative methodology, the research integrates a literature review with semi-structured interviews conducted with experts in DORA, cybersecurity, and third-party risk management, offering both theoretical and practical insights. Findings reveal that while financial entities recognize the need for proactive monitoring, many lack the internal capacity and organizational readiness to implement it, as many are still in the process of establishing baseline compliance. To move toward proactive monitoring, financial entities should start by developing a comprehensive inventory of all third-party relationships, classifying them by criticality, and strengthening internal capabilities. Establishing regular evaluations and KPI-driven service-level reporting provides a strong foundation for oversight, which could later be enhanced through advanced technologies such as AI.

Key words: Digital Operational Resilience Act, compliance, cybersecurity, third-party risk management, proactive monitoring