Under NIS2, numerous companies across different sectors will face increased cybersecurity obligations.

The NIS2 legislation impacts more entities than those directly listed, as all directly covered entities are required to ensure their suppliers and direct service providers implement similar measures.

Failure to comply may have significant consequences, including potential administrative measures and fines, and legal representatives may be held personally liable for breaching their duties to ensure compliance.

Among the requirements, the following are key to any compliance checklist:

  • Risk analysis and information system security policies
  • Supply chain security measures
  • Incident handling measures
  • Business continuity measures
  • Cybersecurity risk management assessment policies
  • Cyber hygiene practices and training
  • Cryptography and encryption policies
  • HR security, access control, and asset management
  • Multi-factor authentication and secure communication measures
  • Security measures for the acquisition, development, and maintenance of network and information systems
  • Coordinated vulnerability disclosure

Want to learn more? Send an email to events.belgium@loyensloeff.com to pre-register for our Cybersecurity Day on 10 December 2024. The event will feature a variety of practical presentations designed to help you navigate these new obligations.