The NIS2 Directive, which came into force in October, imposes extensive cyber risk management, incident reporting, business continuity, and information sharing obligations on a much greater number of organisations – around 30,000 compared to the 3,000 previously affected by NIS1.
The directive also introduces significantly higher penalties and sanctions for organisations that fail to comply or maintain compliance. Directors and management can now be held personally liable for implementation failures, fines can be up to €10 million or 2% of total turnover, and regulators can suspend business operations if deemed necessary.
For organisations that now find themselves within scope of the NIS2 Directive, taking a proactive approach to compliance has become a must-have.
Understanding the requirements
Introduced to enhance and strengthen cybersecurity resilience within the EU and beyond, NIS2 sets out measures organisations must adhere to in four key areas: risk management, corporate accountability, reporting and business continuity. It also sets out specific requirements around information sharing.
This is not a one-off box ticking exercise. Organisations will…
