Blog

Designated as a CER critical entity? Article 3(1)(f) automatically classifies you as a NIS2 essential entity — learn what dual compliance requires.

Article 27 registration: 6 required fields to gather, portals for Germany, Italy, Belgium and Romania, and the 3-month change obligation explained.

CIR 2024/2690 Annex 9 defines 10 specific controls your NIS2 cryptography policy must document. This section-by-section walkthrough covers algorithm requirements, key lifecycle cadences, and audit evidence — the detail no other guide covers.

CIR 2024/2690 Annex 9 defines 10 specific controls your NIS2 cryptography policy must document. This section-by-section walkthrough covers algorithm requirements, key lifecycle cadences, and audit evidence — the detail no other guide covers.

One incident triggers NIS2’s 24h/72h CSIRT deadlines and GDPR’s 72h DPA clock simultaneously. This operational playbook maps both tracks.

Last verified: April 2026. Based on Regulation (EU) 2024/2847 (Cyber Resilience Act) and Directive (EU) 2022/2555 (NIS2) via EUR-Lex and official EU sources. Two EU cybersecurity laws entered force within two months of each other in late 2024. NIS2 (Directive…

Preparing for a NIS2 supervisory inspection? This guide maps all 6 audit tools from Articles 32 and 33 to the exact documentation authorities will request.

Most CEOs don’t know Article 32 can suspend them personally — here’s exactly what Article 20 requires boards to do, and what evidence regulators check.

Last verified: April 2026. Based on Directive (EU) 2022/2555 (NIS2) and Directive (EU) 2016/1148 (NIS1) via EUR-Lex. The original NIS Directive (2016/1148) was the EU’s first binding cybersecurity law — a genuine step forward. But its core design flaw became…

The NIS2 full text is free on EUR-Lex — here are the exact links, the 9-chapter structure, and the 5 articles that cover 90% of your compliance obligations.