Field notes from the SOC and the audit room.
Two new posts a month. Written by the people who run the platform.
Administrative Fines Under NIS2: The EUR 10M and EUR 7M Frameworks
Understand NIS2 administrative fines under Articles 34-35: EUR 10 million for major violations, EUR 7 million for non-compliance. Enforcement, appeals, and mitigation.
NIS2 for Healthcare: Hospitals, Pharma, and Medical Device Manufacturers
NIS2 for the healthcare sector: understand obligations for hospitals, pharmaceutical manufacturers, and medical device makers under Annex I, Sector 5.
NIS2, CER Directive, and DORA: Navigating Overlapping Frameworks
Navigate overlapping EU cybersecurity regulations: NIS2, DORA, and CER. Understand scope, Article 4 distinctions, and governance architecture.
The All-Hazards Approach: Why NIS2 Goes Beyond Digital Threats
NIS2 Article 21 mandates an all-hazards approach: cyber, physical (fire, theft, flooding) and environmental security. Learn what this means in practice.
NIS2 for Digital Infrastructure: Cloud, Data Centres, DNS, and CDNs
The NIS2 digital infrastructure sector (cloud, data centres, DNS, CDNs) is the most harmonised. Implementing acts, the ENISA registry, and compliance guidance explained.
Essential vs. Important Entities: Classification, Obligations, and Supervision
Understand NIS2 essential and important entity classification. Differences in obligations, supervision, and enforcement implications explained clearly.
NIS2 Enforcement Powers: What Regulators Can Do and How to Prepare
Understand NIS2 enforcement powers (Articles 32-34). What regulators can do, penalty tiers, serious infringements, and how to minimize enforcement risk.
NIS2 for the Energy Sector: Compliance Across Electricity, Oil, Gas, and Hydrogen
Energy sector NIS2 guide covering electricity, oil, gas, hydrogen, nuclear considerations, supply chain vulnerabilities, and implementation roadmap.
Supply Chain Security Under NIS2: Managing Third-Party Risk
Master NIS2 supply chain security (Article 21(2)(d)). Vendor assessment, contractual controls, monitoring, and coordinated risk assessments explained.