NEXIS Impulse July
14 Jul 2026Welcome to the June Edition of NEXIS Impulse
Every month, we keep you informed about current developments at Nexis, share insights into our NEXIS Platform and provide updates from the world of Identity Analytics & Access Governance and GRC.
Enjoy reading!
NEXIS INVOLVE 2026: Get Hands-On in Regensburg
Across two days at NEXIS INVOLVE, you’ll connect with your peers and the NEXIS team, exchange ideas, and discuss current IAM and GRC topics. Expect more than ten speakers, customer talks, live demos of the NEXIS Platform, and plenty of time to connect.
Breakout Sessions Where You Get Active!
Breakout sessions put you in the room as a participant, not just a listener.
- NEXIS Platform Enablement: a partner-only session, open to all partners, on getting more out of the NEXIS Platform in your own engagements.
- Tech Deep Dive: a hands-on technical look under the hood of the NEXIS Platform.
- Convergence of IAM and GRC: an interactive World Café where you help map how identity governance and GRC come together into one approach.
Two More Speakers to Meet
Last month we introduced the first two speakers on the agenda. Here are two more:
- Anton Rohr from SEFE will present practical approaches to identifying and managing information security risks and protection needs.
- Oliver Schluga from Erste Digital will share insights into effective role models in a large-scale enterprise.
Jahnstadion Regensburg | September 9–10, 2026
Why an AI Register Is Not Enough for the EU AI Act
Every EU AI Act program starts with the register: inventory every model, copilot, and agent, assign a risk class, keep it current for August 2026. Necessary work, but in our new post, you can discover that it is not enough. A register records what you intend to be true. It does not stop an agent from reaching for data it should never touch.
The main point: an agent’s risk does not sit in the model, it moves with the data it touches. So enforcement has to happen at the moment of access, weighing three things at once:
- The identity of the agent
- The jurisdiction of the model behind it
- The classification of the data it requests
This is exactly where IAM and GRC stop being separate functions, and where an Identity Visibility and Intelligence Platform like NEXIS earns its place.
Back from Las Vegas: What Identiverse 2026 Revealed About IAM
Our CEO Dr. Heiko Klarl just returned from Identiverse 2026 in Las Vegas. A few days among some of the brightest minds in identity left him with a clear read on where the market is heading.
Four themes stood out:
- IVIP is here to stay. The category answers a question many CISOs still cannot: who has access to what, across every IAM silo. And visibility alone is no longer enough, remediation is the next step.
- Role management matters. RBAC is not dead. The challenge was never the concept, but how roles are governed, optimized, and retired over time.
- Governance documentation turns strategic. Driven by DORA and beyond, static Word and Excel files give way to living documentation that stays in sync with the IAM landscape.
- Identity lifecycle still deserves attention. Provisioning is the easy part. Consistent offboarding and continuous governance are where real risk gets reduced.
Where IAM and GRC Converge: Governance for Finance and Insurance
The convergence of IAM and GRC is becoming a defining factor in finance and insurance.
As regulatory requirements increase and identity landscapes grow more complex, managing access, risk, and compliance in isolation is no longer sufficient. Organizations are moving toward an integrated approach where identity governance and GRC are aligned from the start.
By connecting identity data with risk and compliance frameworks, this convergence enables a consistent control model across the organization. Access decisions become more transparent, governance more structured, and audits easier to manage.
NEXIS supports this shift by bringing IAM and GRC together into one connected framework – creating clarity, improving control, and strengthening governance in highly regulated environments.
From Research to Practice: Why Data Quality Decides IAM Success
Organizations invest heavily in role models and governance, yet access structures tend to drift over time. Dr. Sascha Kern, a team lead in our software development, made exactly this the focus of his doctoral research: how to keep authorization structures accurate and sustainable as organizations change.
His central insight is clear. IAM is not mainly a technology problem, it is a data quality problem. Identities, entitlements, roles, and SoD rules all rest on data. When that data is incomplete or outdated, even the best platform produces unreliable results.
The result is a practical framework built on three building blocks:
- Measuring data quality with clear, consistent dimensions
- Improving it continously instead of through one-off clean-ups
- Making access reviews more effective at reducing real risk
This is how we work at Nexis: close to research, with the findings flowing straight into the NEXIS Platform.
Read the Full Article
Explore our Research Publications
Upcoming Events – Meet Us!
- NEXIS INVOLVE in Regensburg (September 9-10, 2026)
- KOGIT Secure Identity Forum in Frankfurt (September 29, 2026)
- cidaas connect in Rust (September 30-October 1, 2026)