Insights

For many organisations across Europe, NIS2 preparation has remained a strategic discussion rather than an operational priority. That is about to change.

With the NIS2 Directive now in force across much of the EU, energy and manufacturing organisations are dealing with the reality of a more stringent cyber security regime. Most Member States have transposed the directive into national law, but with varying definitions, reporting timelines and audit expectations. This patchwork means companies operating in multiple jurisdictions must navigate different obligations at once — a challenge that has already caught some businesses off guard. 

Across the globe regulatory frameworks for cyber security are becoming stricter and more complex. As digital infrastructure grows and cyber threats escalate, governments are tightening enforcement, introducing new standards, and expecting organisations to demonstrate robust cyber resilience.

For many, presenting cyber security requirements to the board has often felt like an uphill battle, especially when it comes to regulatory frameworks. With the introduction of the NIS2 Directive, this dynamic has become even more pressing. While CISOs are acutely aware of the potential risks of non-compliance, boards may still struggle to grasp the urgency or allocate the necessary resources. Bridging this gap is essential for businesses to meet the new regulatory requirements and safeguard their operations.

Organisations across Europe are bracing for the full implementation of the NIS2 Directive (Network and Information Systems Directive 2). This updated legislation, which strengthens the security requirements for critical infrastructure, will become applicable by 18th October 2024. While it is an EU directive, its impact extends beyond the EU borders, affecting UK-based companies as well, despite the UK no longer being an EU member.