The NIS2 Directive applies to all companies providing services or operating in the EU, provided they employ at least 50 people or have an annual turnover and annual balance sheet total of more than 10 million EUR and belong to one of the critical sectors. Check now if you are affected with our free Quick-Check!
In addition to governance and cybersecurity awareness, the NIS2 Directive obliges companies to establish risk management and a procedure for handling security incidents. Companies must use a gap analysis to determine which specific measures are required.
According to the NIS2 Directive, management bodies must ensure that the necessary technical, organisational and legal measures are taken, and they must monitor the implementation of those measures. In case of non-compliance, managing directors can be held personally liable for breaches.
Both the legal situation and internal company processes are subject to change, and such changes can bring new requirements. Companies must therefore continuously monitor both the legal situation and their internal structures and react to changes.