What is the NIS2 Directive?

The NIS2 Directive is European led legislation aiming to standardise cyber security practices across essential and important European entities. It is a revised set of regulations from its predecessor, the NIS1 directive, and looks to help organisations enhance their readiness to protect against the growing number of cyber threats. NIS2 has expanded its scope to include a number of new sectors and apply stricter standards and requirements for cyber security and the reporting of incidents. With an adoption deadline of October 17th, 2024 organisations must act now.

As a senior management member you may be subject to punishment if you do not comply with the Network and Information Security Directive (NIS2).

What are Director’s Responsibilities for NIS2 Compliance?

The NCSC (National Cyber Security Centre)¹ sets out 5 responsibilities that management bodies of essential and important entities must comply with:

• Approve the adequacy of cyber security risk management measures taken by the entity.
• Supervise the implementation of the risk management measures.
• Follow training in order to gain sufficient knowledge and skills to identify risk and access cyber security risk management practices and their impact on the services provided by the entity.
• Offer similar training to their employees on a regular basis.
• Be accountable for the non-compliance.

Not complying to the above can leave senior management members liable to administrative fines or even removal/ban from managerial roles.

Discover the Directors Essential Guide to NIS2