NIS2

The Compliance Trap: Why Security Labels Won’t Save You From the Regulators

The article critiques the growing regulatory burden in European cybersecurity compliance, highlighting that security certifications and labels, promoted as quality marks by firms like Belgium's Approach Cyber, instead function as costly barriers for small and medium enterprises (SMEs). It argues that overlapping regulations such as GDPR, NIS2, DORA, and the Cyber Resilience Act create complex, expensive compliance demands that favor large vendors and consultants while stifling innovation and agility among smaller businesses. The piece emphasizes that this regulatory complexity undermines digital freedom and does not effectively address underlying security challenges, especially for organizations lacking specialized expertise.

https://www.trinitybugle.com/techscience/the-compliance-trap-why-security-labels-wont-save-you-from-the-regulators.html

How the EU’s NIS2 Directive Is Changing How CIOs Think About Digital Infrastructure

The EU’s NIS2 directive is prompting CIOs to rethink digital infrastructure by extending risk accountability beyond individual organizations to encompass the entire ecosystem of interconnected providers, including cloud platforms and network operators. This shift emphasizes designing resilient systems that can continue operating despite failures in any part of the network, moving resilience from a compliance exercise to a strategic priority focused on infrastructure architecture and connectivity.

https://www.cio.com/article/4162091/how-the-eus-nis2-directive-is-changing-how-cios-think-about-digital-infrastructure.html

Ten Things to Ask Your IT Team About NIS2 Compliance

The article discusses the key areas organizations must address to ensure compliance with the EU's NIS2 directive, which mandates robust cybersecurity governance and resilience. It highlights ten critical focus points including risk analysis, incident handling, business continuity, supply chain security, and the importance of continuous evidence gathering and proper IT tools. The article emphasizes that leadership must proactively oversee cybersecurity measures to meet strict regulatory requirements and maintain business continuity in the face of threats.

https://www.kaseya.com/blog/nis2-compliance/

Breaking Down NIS2: the Five Main Requirements of the Updated NIS Directive

NIS2, an update of the EU's cyber security framework, aims to enhance resilience against evolving threats across more sectors, covering essential and important entities. It introduces five key compliance requirements: risk management, incident reporting, cyber security practices, third-party risk management, and workforce security training. NIS2 is an ongoing process, not a one-time compliance task. The directive sets a baseline for accountability and resilience in cyber security across the EU.

https://www.financierworldwide.com/breaking-down-nis2-the-five-main-requirements-of-the-updated-nis-directive

Protecting the ICT Supply Chain: a Step-By-Step Guide to the New EU Security Framework

The European Commission proposed a new cybersecurity package, including a revised Cybersecurity Act (CSA2) and amendments to NIS2, to strengthen the EU’s cybersecurity resilience. The CSA2 introduces a five-step mechanism to address non-technical risks in the ICT supply chain, potentially prohibiting NIS2 organizations from using ICT equipment from high-risk suppliers, particularly those from countries posing cybersecurity concerns. This framework aims to protect the EU’s ICT supply chain, with potential implications for connectivity and space operators.

https://accesspartnership.com/opinion/protecting-the-ict-supply-chain-a-step-by-step-guide-to-the-new-eu-security-framework/

NIS2: Supply Chains as a Risk Factor

NIS2 increases supply chain security requirements, emphasizing external IT risks. Companies must integrate these risks into their security strategies, transforming dependencies into management responsibilities. Effective control of supply chains involves identifying critical partners, setting security standards, and continuous risk monitoring. CISOs' roles expand to include risk communication and holistic management. Compliance under NIS2 goes beyond paperwork, demanding real security measures and transparent assessments, ultimately enhancing operational stability and turning supply chains into strategic assets.

https://www.csoonline.com/article/4128381/nis2-supply-chains-as-a-risk-factor.html

European States Spin Wheels on Cybersecurity Directive

The Network and Information Security 2 Directive (NIS2), intended to enhance cybersecurity across the EU, faces delays in implementation. While some countries have fully transposed the directive, others, including France and Ireland, have yet to do so. This inconsistency creates uncertainty for businesses operating across borders and raises concerns about Europe’s cybersecurity posture.

https://www.bankinfosecurity.com/european-states-spin-wheels-on-cybersecurity-directive-a-30542

NIS2 Compliance: How to Get Passwords and MFA Right

The NIS2 Directive mandates improved cybersecurity for EU organizations, focusing on access control and password policies. It applies to medium and large entities in critical sectors, carries penalties for non-compliance, and emphasizes strong authentication measures. Recommendations include using long passphrases, avoiding mandatory password rotations, implementing multi-factor authentication (MFA), and educating users on security practices. Key steps include auditing password policies, deploying management solutions, and monitoring for breaches to align with NIS2 compliance effectively.

https://www.bleepingcomputer.com/news/security/nis2-compliance-how-to-get-passwords-and-mfa-right/

NIS2 Directive Explained Part 3 Supply Chain Security

The NIS2 directive requires in-scope organizations to enhance supply chain security, which involves supplier contract renegotiations and due diligence in response to cybersecurity risks. Key compliance steps include creating security policies, risk assessments, contractual flow-downs, and maintaining an up-to-date supplier register. While NIS2 primarily targets direct suppliers, it encourages consideration of their subcontractors. Challenges may arise in contract modifications with large suppliers, and the directive indirectly affects suppliers by increasing compliance expectations and assessments. Overall, NIS2 emphasizes the importance of cybersecurity in supply chains, with further guidance from the Implementing Regulation and ENISA.

https://www.dlapiper.com/en/insights/publications/2025/12/nis2-directive-explained-part-3-supply-chain-security

NIS2: Much Needed, but Also More Work Pressure

The NIS2 Directive increases cybersecurity resilience in the Netherlands, requiring organizations to manage supplier risks. While essential, it imposes administrative burdens on clients and suppliers, potentially exceeding their readiness by the 2026 deadline. Preparing involves suppliers standardizing security documentation and clients assessing supplier risks.

https://ioplus.nl/en/posts/nis2-much-needed-but-also-more-work-pressure
