NIS2 & Cybersecurity in Practice: Compliance Challenges

November 2024

Abstract

The recently adopted NIS2 Directive places novel and stringent compliance requirements before a wide selection of essential and important entities (energy, transport, food production, telecoms, etc). The actual number of companies affected is even larger as direct suppliers are also included. NIS2 no longer demands just ordinary compliance but introduces ex ante risk assessment, management and mitigation requirements. Inexperienced companies will struggle as they learn strategic, organizational and operational implications of the new obligations. Top management plays a key role in overseeing NIS2 compliance requirements and making sure that key officers and units in the company work together. In-house counsel needs to work with top management to ensure that basic NIS2 compliance exists, that policies and procedures are in place and that all actors understand their respective roles and duties. We postulate that good NIS2 compliance, in spite of associated costs, also means more competitive products and services.

Author

Andrej Savin

Professor, CBS LAW, Copenhagen Business School, Denmark

Andrej Savin is a professor of IT Law and Internet Law at Copenhagen Business School. His main research interests lie in Information Technology Law, and in particular EU policymaking in the digital single market, the regulation of new business models and Internet governance in the US and in Europe. Andrej Savin also works on law and management in the legal environment, in particular with focus on the interplay between law, ethics, business and society in the digital world. His works include books EU Internet Law, EU Telecommunications Law, Research Handbook on EU Internet Law and others.

Something familiar is playing out inside legal departments right now. A new category of technology arrives with credible promises, vendors multiply overnight, and professionals rush to adopt new tools before...Read more

Cat Carroll

Head of Legal Operations, iManage LLC, USA

Between Board Neutrality and Control: Reimagining Hostile Takeover Defences in India with Lessons from Delaware and Asia-Pacific

Hostile takeovers have traditionally played only a limited role in the mergers and acquisitions landscape in India. This is attributable primarily to the ownership structure of most listed Indian companies,...Read more

Vikas Agarwal

Co-Founder, LegaLogic Consulting, India

Neha Deshmukh

Legal Advisor, LegaLogic Consulting, India

“But I Wore the Lemon Juice”: AI, Confidence, Confidentiality, and the Novel Risks Facing In-House Counsel

Contemporary lessons for international in-house counsel can emerge from strange places. In 1995, two Pittsburgh bank robbers applied lemon juice to their faces, confidently believing it would blur their appearance...Read more

Todd Krieger

Director of International Transactions and Senior Counsel, InterSystems Corporation, USA

From Gatekeeper to Process Architect: The New Role of In-house Counsel in AI Governance

In an era of accelerated advancement in AI technology, dynamic and variable global legislative approaches to AI risk management, and unrelenting commercial pressure for agile AI adoption, the role of...Read more

Cam-Van (Vannie) Nguyen

Senior Managing Counsel, Office of the Chief Legal & Regulatory Officer, Align Technology, Inc., USA

Karen Jaenike

Legal Director, Strategic Commercial Affairs, Align Technology, Inc., USA

NIS2 & Cybersecurity in Practice: Compliance Challenges

Abstract

Author

Company

CBS LAW, Copenhagen Business School

Related Papers