Blog

Field notes from the SOC and the audit room.

Two new posts a month. Written by the people who run the platform.

Administrative Fines Under NIS2: The EUR 10M and EUR 7M Frameworks
NIS2 · 9 min read · 1 May 2026

Understand NIS2 administrative fines under Articles 34-35: EUR 10 million for major violations, EUR 7 million for non-compliance. Enforcement, appeals, and mitigation.

Daniel Grigorovich · Founder
NIS2 for Healthcare: Hospitals, Pharma, and Medical Device Manufacturers
NIS2 · 9 min read · 29 Apr 2026

NIS2 for the healthcare sector: understand obligations for hospitals, pharmaceutical manufacturers, and medical device makers under Annex I, Sector 5.

Daniel Grigorovich · Founder
NIS2, CER Directive, and DORA: Navigating Overlapping Frameworks
NIS2 · 6 min read · 27 Apr 2026

Navigate overlapping EU cybersecurity regulations: NIS2, DORA, and CER. Understand scope, Article 4 distinctions, and governance architecture.

Daniel Grigorovich · Founder
The All-Hazards Approach: Why NIS2 Goes Beyond Digital Threats
NIS2 · 10 min read · 24 Apr 2026

NIS2 Article 21 mandates an all-hazards approach: cyber, physical (fire, theft, flooding) and environmental security. Learn what this means in practice.

Daniel Grigorovich · Founder
NIS2 for Digital Infrastructure: Cloud, Data Centres, DNS, and CDNs
NIS2 · 11 min read · 22 Apr 2026

The NIS2 digital infrastructure sector (cloud, data centres, DNS, CDNs) is the most harmonised. Implementing acts, ENISA registry, and compliance guidance explained.

Daniel Grigorovich · Founder
Essential vs. Important Entities: Classification, Obligations, and Supervision
NIS2 · 9 min read · 20 Apr 2026

Understand NIS2 essential and important entity classification. Differences in obligations, supervision, and enforcement implications explained clearly.

Daniel Grigorovich · Founder
NIS2 Enforcement Powers: What Regulators Can Do and How to Prepare
NIS2 · 11 min read · 17 Apr 2026

Understand NIS2 enforcement powers (Articles 32-34). What regulators can do, penalty tiers, serious infringements, and how to minimize enforcement risk.

Daniel Grigorovich · Founder
NIS2 for the Energy Sector: Compliance Across Electricity, Oil, Gas, and Hydrogen
NIS2 · 11 min read · 15 Apr 2026

Energy sector NIS2 guide covering electricity, oil, gas, hydrogen, nuclear considerations, supply chain vulnerabilities, and implementation roadmap.

Daniel Grigorovich · Founder
Supply Chain Security Under NIS2: Managing Third-Party Risk
NIS2 · 10 min read · 13 Apr 2026

Master NIS2 supply chain security (Article 21(2)(d)). Vendor assessment, contractual controls, monitoring, and coordinated risk assessments explained.

Daniel Grigorovich · Founder
The NIS2 Incident Reporting Framework: Step-by-Step Guide
NIS2 · 12 min read · 10 Apr 2026

Master NIS2 incident reporting: 24-hour and 72-hour timelines, notification process, what to report, and how to comply with Article 23.

Daniel Grigorovich · Founder
Board-Level Cybersecurity Accountability Under NIS2
NIS2 · 11 min read · 8 Apr 2026

NIS2 Article 20 makes boards liable for cybersecurity. Understand governance requirements, approval duties, oversight, training, and personal liability.

Daniel Grigorovich · Founder
Article 21 Decoded: The 10 Cybersecurity Risk-Management Measures
NIS2 · 17 min read · 6 Apr 2026

Master NIS2 Article 21's 10 mandatory cybersecurity risk-management measures. Detailed breakdown with implementation guidance for each measure.

Daniel Grigorovich · Founder
From NIS1 to NIS2: What Changed and Why It Matters
NIS2 · 8 min read · 3 Apr 2026

Understand the evolution from NIS1 to NIS2. Learn scope expansion, fragmentation fixes, enforcement changes, and what matters for your compliance.

Daniel Grigorovich · Founder
NIS2 Scope Demystified: How to Determine If Your Organisation Is In Scope
NIS2 · 10 min read · 1 Apr 2026

Decode NIS2 scope in 6 minutes. Check if you're in scope: Annex I/II sectors, size rules, exceptions, and Member State discretion explained clearly.

Daniel Grigorovich · Founder
The Ultimate Guide to NIS2 Compliance: Everything You Need to Know
NIS2 · 16 min read · 30 Mar 2026

Complete NIS2 compliance guide covering scope, obligations, reporting, enforcement, and sectors. Essential reading for CISOs and compliance teams.

Daniel Grigorovich · Founder