NIS2 Compliance Articles

NIS2 and GDPR are two separate EU laws that can both apply to the same incident. Learn the key differences, when both laws trigger at once, and how to build a combined incident response that covers both.

A step-by-step guide to NIS2 Article 23 incident reporting. What makes an incident significant, what belongs in the 24h early warning, the 72h full notification, and the 1-month final report, plus country-specific reporting portals.

NIS2 Article 20 makes management bodies personally liable for cybersecurity breaches. Learn who is affected, what the training obligation requires, when executives can be suspended, and how to protect yourself as a board member.

NIS2 and ISO 27001 are both cybersecurity frameworks, but they are not the same. Learn the key differences, overlaps, and whether ISO 27001 certification satisfies NIS2 Article 21 obligations.

NIS2 fines can reach €10 million or 2% of global turnover. Understand how penalties are calculated, what triggers enforcement, and how to avoid them with a solid compliance programme.

A practical, step-by-step NIS2 compliance checklist covering all 10 Article 21 security measures. Use this guide to build your NIS2 programme from scratch or assess your current posture.

NIS2 officially excludes micro and small enterprises, but there are important exceptions. This guide helps SMEs understand the size thresholds, sector exceptions, and what to do if you are in scope.

NIS2 Article 21(2)(d) makes supply chain security mandatory for all in-scope entities. Learn what assessments are required, how to evaluate suppliers, and what ENISA's guidelines say.