NIS2 Directive mandates corporate boards oversee cybersecurity as a governance issue, implementing duties for risk management, training, and incident response. Effective from 2024 in Italy, it holds boards accountable with fines up to €10M for non-compliance. The directive broadens its scope beyond critical infrastructure, imposing requirements on various sectors and emphasizing supplier cybersecurity scrutiny. Companies must integrate compliance strategies, adapt policies, and prepare for regulatory audits to safeguard trust and protect business integrity. Key deadlines include readiness for incident notifications by January 2026 and full compliance by October 2026.
https://www.hoganlovells.com/en/publications/nis2-cyber-governance-as-a-boardroom-matter