The NIS2 (Network and Information Security) Directive and the DORA (Digital Operational Resilience Act) are key regulatory frameworks shaping the future of cybersecurity and operational resilience within the European Union. This presentation will explore how these new standards affect IT companies, emphasizing the practical steps businesses must take to comply and ensure stronger cybersecurity and operational continuity.
Key takeaways - DORA applies to IT companies when providing IT services to financial institutions. - If DORA is applicable, IT companies may be inspected by the financial institutions and indirectly by the financial supervisory authority. - If DORA is applicable, outsourcing agreements must be reviewed and amended in compliance with DORA. - NIS2 applies to medium and large IT companies across a broader range of sectors. - NIS2 brings mandatory incident reporting required within 24 hours of major cyber incidents. - NIS2 stipulates requirement for strengthened security measures, including risk management and business continuity. - Non-compliance can result in heavy penalties, making regulatory alignment critical.
