Compliance on Pfisterer Consulting

WhatsApp Lawsuit Against Meta: What It Means for Businesses

Fri, 10 Apr 2026 13:30:00 +0200

For ten years, WhatsApp has promised end-to-end encryption. Since January 2026, a class action lawsuit in a U.S. federal court claims that promise was a lie. And today, April 10, 2026, the public debate is escalating. Elon Musk and Telegram founder Pavel Durov are attacking Meta head-on.

This directly affects German SMEs. Millions of businesses use WhatsApp Business for customer communication, order processing, scheduling, and internal coordination. If the allegations hold up, trade secrets and GDPR compliance are at stake for every one of them. This topic falls squarely within the IT strategy and system selection work I do with mid-sized companies.

When AI Agents Hack AI Systems: Why Your AI Needs Security Testing Now

Wed, 11 Mar 2026 08:00:00 +0100

An autonomous AI agent chains four individually harmless vulnerabilities into a complete platform takeover — severity rating CVSS 9.8 out of 10. Then it gives itself a voice and calls the target system’s AI. No human hacker. No sophisticated exploit kit. One AI hacking another AI.

This isn’t science fiction. This happened in March 2026 — to a $20 million-funded AI recruiting startup whose clients included Anthropic, Stripe, and Monzo. AI security is a central aspect of my consulting on compliance and regulatory requirements.

DATEV ERP: Why You Should Never Change Cost Centers Mid-Year

Tue, 03 Mar 2026 14:00:00 +0100

“We just created a new department — can we quickly adjust the cost centers?” This request comes up in almost every company at least once a year. Usually in April, when the new org structure is in place. Or in September, when a new project starts. The answer should always be the same: Not now. At year-end.

Why? Because DATEV handles cost centers differently than most users assume. These DATEV-ERP topics are a central part of my consulting on compliance and regulatory requirements. And the consequences of a mid-year change only become visible when it’s too late — in the management report, the cost center analysis, or the annual financial statements.

One Year of Mandatory E-Invoicing: Why the B2B Standard Is Drowning in ZUGFeRD Chaos

Tue, 24 Feb 2026 08:00:00 +0100

Note: This article covers the German e-invoicing mandate (E-Rechnungspflicht). The requirements are specific to companies operating in Germany.

Earlier this year, I published a summary of what SMEs need to know about mandatory e-invoicing. Reception mandate since January 2025, sending mandate from 2027, EN 16931 formats. Straightforward enough in theory.

Now, more than a year after the reception mandate took effect, it’s time for an honest assessment: The reality on the ground is catastrophic. E-invoicing is one of the most pressing topics in my consulting on compliance and regulatory requirements.

Shadow AI: When Employees Secretly Build Their Own AI Agents

Mon, 23 Feb 2026 10:00:00 +0100

The New Shadow IT Has a Brain

Shadow IT has been a headache for years — unauthorized tools, private cloud accounts, rogue SaaS subscriptions. But Shadow AI takes it to a different level entirely. This topic is part of my AI and automation consulting for SMEs. Because this time, employees aren’t just using unapproved software. They’re building intelligent workflows that actively process, analyze, and redistribute company data.

And they’re doing it with the best of intentions.

Helsing, AI Weapons, and the Illusion of Human in the Loop

Wed, 18 Feb 2026 10:00:00 +0100

Helsing is one of Europe’s fastest-growing defense companies. Founded in Munich, with offices in London and Paris, the company builds AI-powered weapon systems: the HX-2 strike drone, the CA-1 Europa autonomous combat aircraft (with HENSOLDT), electronic warfare (Cirra), underwater reconnaissance (SG-1). Investors like Daniel Ek (Spotify founder) and former Airbus CEO Tom Enders sit on the board.

This is not a startup toy. Helsing is a heavy player in European defense.

AI Agents and the EU AI Act 2026: What SMEs Need to Know Now

Tue, 17 Feb 2026 10:00:00 +0100

August 2, 2026 is the deadline: the EU AI Act (Regulation (EU) 2024/1689) takes full effect. For German SMEs, this creates a dilemma: if you use AI, you must prove it’s compliant. If you don’t use AI, you lose the race for talent and efficiency.

I’m currently working intensively on exactly this topic – and sharing my assessment here. The EU AI Act is a central topic in my consulting on compliance and regulatory requirements.

E-Invoicing 2025: What SMEs Need to Know Now

Thu, 12 Feb 2026 10:00:00 +0100

Note: This article covers German e-invoicing regulations (Wachstumschancengesetz). The requirements are specific to companies operating in Germany.

Since January 1, 2025, companies in the B2B sector must be able to receive e-invoices. The e-invoicing mandate is a core topic in my consulting on compliance and regulatory requirements for SMEs. Starting 2027, sending e-invoices will also be mandatory (with a transition period until 2028 for smaller companies).

E-Invoice Definition: What Qualifies Under German Law

A PDF via email is not an e-invoice. Germany’s Wachstumschancengesetz (Growth Opportunities Act) defines e-invoices as structured electronic formats compliant with EN 16931. In practice, that means: