NIS2 & Cybersecurity in Practice: Compliance Challenges

November 2024

Abstract

The recently adopted NIS2 Directive places novel and stringent compliance requirements before a wide selection of essential and important entities (energy, transport, food production, telecoms, etc). The actual number of companies affected is even larger as direct suppliers are also included. NIS2 no longer demands just ordinary compliance but introduces ex ante risk assessment, management and mitigation requirements. Inexperienced companies will struggle as they learn strategic, organizational and operational implications of the new obligations. Top management plays a key role in overseeing NIS2 compliance requirements and making sure that key officers and units in the company work together. In-house counsel needs to work with top management to ensure that basic NIS2 compliance exists, that policies and procedures are in place and that all actors understand their respective roles and duties. We postulate that good NIS2 compliance, in spite of associated costs, also means more competitive products and services.

Author

Andrej Savin

Professor, CBS LAW, Copenhagen Business School, Denmark

Andrej Savin's is a professor of IT Law and Internet Law at Copenhagen Business School. His main research interests lie in Information Technology Law, and in particular EU policymaking in the digital single market, the regulation of new business models and Internet governance in the US and in Europe. Andrej Savin also works on law and management in the legal environment, in particular with focus on the interplay between law, ethics, business and society in the digital world. His works include books EU Internet Law, EU Telecommunications Law, Research Handbook on EU Internet Law and others.

Canada is one of the few countries in the world experiencing the most pronounced effects, including financial and job losses, of President Trump’s tariffs (i) upon exports of Canadian goods,...Read more

Richard Leblanc

President, Boardexpert com Inc, Canada

UK Economic Crime and Corporate Transparency Act 2023 - Failure to prevent fraud: Storm in a tea cup?

The Failure to Prevent Fraud offence contained within the UK Economic Crime and Corporate Transparency Act 2023 (ECCTA) finally comes into effect on 1 September 2025 following the release of...Read more

Steve Holt

Partner, Grant Thornton UK, UK

Oishi Ghosh

Forensic Investigation Services Manager, Grant Thornton UK, UK

Ollie Haselden

Assistant Manager within the Forensics and Investigations department, Grant Thornton UK, UK

The Current Status of Diversity, Equity, and Inclusion Efforts in U.S. Companies: Challenges, Progress, and Future Directions

Diversity, equity, and inclusion (DEI) initiatives have become central to the missions of many U.S. companies. These efforts seek to address historical inequities, foster inclusive environments, and serve an increasingly...Read more

Mary Kennard

Vice President & General Counsel (retired), American University, USA

How can lawyers and clients best work together?

We often hear about clients and lawyers frustrated with each other. Certainly, both sides would have wished to avoid the disappointment. However, do we know how to forge a healthy...Read more