NIS2 & Cybersecurity in Practice: Compliance Challenges
Abstract
The recently adopted NIS2 Directive imposes novel and stringent compliance requirements on a wide selection of essential and important entities (energy, transport, food production, telecoms, etc.). The actual number of companies affected is even larger, as direct suppliers are also included. NIS2 no longer demands just ordinary compliance but introduces ex ante risk assessment, management and mitigation requirements. Inexperienced companies will struggle as they learn the strategic, organizational and operational implications of the new obligations. Top management plays a key role in overseeing NIS2 compliance requirements and making sure that key officers and units in the company work together. In-house counsel needs to work with top management to ensure that basic NIS2 compliance exists, that policies and procedures are in place and that all actors understand their respective roles and duties. We postulate that good NIS2 compliance, in spite of associated costs, also means more competitive products and services.