NIS2

NIS2 in Belgium: Are You Considered an ‘Energy Producer’ if You Generate Power Solely for Your Own Use?

Belgium's NIS2 legislation classifies energy producers broadly. Companies generating energy solely for internal use, such as solar or wind power, may still be deemed “energy producers” under NIS2 if they meet the size criteria (medium or large). Thus, even minor energy-generating activities can lead to compliance obligations, including incident reporting. However, proportionate oversight may be applied, recognizing the lower societal impact of smaller operations.

https://www.eversheds-sutherland.com/en/slovakia/insights/nis2-in-belgium

Meeting EU Data, Cybersecurity, and Artificial Intelligence Law Obligations: a Checklist for Swiss Life Sciences Companies

Swiss life sciences companies must prepare for EU Data, Cybersecurity, and AI regulations, particularly the Data Act, NIS2 Directive, and AI Act. Key points include ensuring user data access, implementing cybersecurity measures, registering for NIS2 by April 2025, and compliance with high-risk AI system regulations. Although these laws are EU directives, they affect Swiss companies operating within the EU. Compliance is critical to avoid fines and maintain market access and customer trust.

https://www.sidley.com/en/insights/publications/2025/03/meeting-eu-data-cybersecurity-and-artificial-intelligence-law-obligations

Proposals Published on the UK Cyber Security and Resilience Bill, Sam Edwards, Natalie Donovan

Details of the UK's Cyber Security and Resilience Bill have been released. The Bill aims to strengthen cybersecurity for critical infrastructure by enhancing the existing NIS regulations from 2018. Key updates include expanding the scope to Managed Service Providers (MSPs) and data centres, imposing security duties, refining incident reporting into a two-stage structure, empowering regulators, and requiring the ICO to publish strategic priorities. The Bill aligns with the EU's NIS2 for improved protection against cyber threats but does not adopt all NIS2 changes, notably omitting management liability.

https://thelens.slaughterandmay.com/post/102k7bo/proposals-published-on-the-uk-cyber-security-and-resilience-bill

5 Questions CISOs Should Ask Third-Party Vendors

CISOs must evaluate third-party vendors to mitigate risks, especially as recent data breaches highlight vulnerabilities. Key questions to ask include:

  1. What is the vendor’s overall security program?
  2. What is their security development process?
  3. What are their supply chain practices?
  4. Are their privacy and data protection practices compliant?
  5. Is the vendor insured, and under what terms?

These questions help ensure robust data protection while integrating third-party services. CISOs should be central in vendor selection to prevent potential breaches.

https://www.infosecurity-magazine.com/blogs/5-questions-cisos-should-ask/

What NIS2 Implementation Means for Enterprises [Q&A]

NIS2 mandates enhanced cybersecurity for EU businesses and those interacting with them, focusing on risk management and compliance. It expands previous regulations to new sectors and demands stronger defenses against cyber threats. Challenges include varying readiness levels among organizations and the need for compliance to avoid penalties. Key strategies for alignment include auditing partners, consistent domain management, and fostering a security-focused culture. The impact on business partnerships is still emerging, with upcoming penalties likely prompting stricter security evaluations among partners.

https://betanews.com/2025/04/02/what-nis2-implementation-means-for-enterprises-qa/

Understanding Key EU Cybersecurity Legislative Acts NIS2, CER, and CRA

The EU has enacted NIS2, CER, and CRA to enhance cybersecurity. NIS2 updates previous directives, imposing cybersecurity mandates on essential entities, effective January 2023. CER targets physical resilience in 11 sectors, starting January 2023. CRA mandates cybersecurity standards for digital products; it took effect in December 2024, with its main provisions applying from December 2027. Non-compliance can lead to hefty fines. Businesses are advised to comply with these regulations.

https://www.twobirds.com/en/insights/2025/understanding-key-eu-cybersecurity-legislative-acts-nis2,-cer,-and-cra

Spain’s NIS2 Cybersecurity Overhaul: Prepare for the New Cybersecurity Framework

Spain is implementing a draft cybersecurity law to align with the EU NIS2 Directive, expanding regulations to more “essential” and “important” entities, particularly in critical sectors like energy and finance. Companies must assess their regulatory status and enhance cybersecurity practices, covering incident detection, data protection, and supply chain security. Mandatory registration with the National Cybersecurity Centre is required within three months of designation, with transitional deadlines for service providers. The law emphasizes board-level governance, requiring appointed security officers and regular training. Non-compliance could result in significant financial penalties and reputational harm. Proactive measures are advised for compliance and risk mitigation.

https://www.osborneclarke.com/insights/spains-nis2-cybersecurity-overhaul-prepare-new-cybersecurity-framework

NIS2: What Do We Know so Far About the EU’s Expanded Cyber Security Regulation?

NIS2 is the EU's enhanced cyber security regulation targeting mid- and large-sized organizations in critical sectors, extending beyond previous sectors like finance and energy to include food production, waste management, and more. It imposes higher compliance penalties, stricter reporting, employee training, and robust risk management measures. Managed Security Service Providers (MSSPs) are crucial in helping clients navigate and comply with NIS2 by ensuring infrastructure readiness, providing training, conducting risk assessments, implementing security controls, and maintaining continuous monitoring. MSSPs can leverage partnerships, such as with Check Point, for advanced support in fulfilling NIS2 requirements effectively.

https://blog.checkpoint.com/mssp/nis2-what-do-we-know-so-far-about-the-eus-expanded-cyber-security-regulation/

Paper Tigers Won’t Protect You: The Reality of Effective NIS2 Compliance

NIS2 compliance is muddled by inconsistent implementation across the EU, with Belgium leading by adopting ISO 27001 standards. The article criticizes “compliance theater,” where legal teams create voluminous documents without true engagement with technical experts. Large enterprises face added complexity from mergers, often only superficially securing parts of their systems. Real progress requires aligning compliance and technical teams, focusing on practical security improvements over documentation. Organizations should foster transparency with vendors and establish real security measures to build client trust and enhance their capacity to innovate.

https://www.corporatecomplianceinsights.com/paper-tigers-protect-you-effective-nis2-compliance/