Field notes from the SOC and the audit room.
Two new posts a month. Written by the people who run the platform.
Essential vs. Important Entities: Classification, Obligations, and Supervision
Understand NIS2 essential and important entity classification. Differences in obligations, supervision, and enforcement implications explained clearly.
NIS2 Enforcement Powers: What Regulators Can Do and How to Prepare
Understand NIS2 enforcement powers (Articles 32-34). What regulators can do, penalty tiers, serious infringements, and how to minimize enforcement risk.
NIS2 for the Energy Sector: Compliance Across Electricity, Oil, Gas, and Hydrogen
Energy sector NIS2 guide covering electricity, oil, gas, hydrogen, nuclear considerations, supply chain vulnerabilities, and implementation roadmap.
Supply Chain Security Under NIS2: Managing Third-Party Risk
Master NIS2 supply chain security (Article 21(2)(d)). Vendor assessment, contractual controls, monitoring, and coordinated risk assessments explained.
The NIS2 Incident Reporting Framework: Step-by-Step Guide
Master NIS2 incident reporting: 24-hour and 72-hour timelines, notification process, what to report, and how to comply with Article 23.
Board-Level Cybersecurity Accountability Under NIS2
NIS2 Article 20 makes boards liable for cybersecurity. Understand governance requirements, approval duties, oversight, training, and personal liability.
Article 21 Decoded: The 10 Cybersecurity Risk-Management Measures
Master NIS2 Article 21's 10 mandatory cybersecurity risk-management measures. Detailed breakdown with implementation guidance for each measure.
From NIS1 to NIS2: What Changed and Why It Matters
Understand the evolution from NIS1 to NIS2. Learn scope expansion, fragmentation fixes, enforcement changes, and what matters for your compliance.
NIS2 Scope Demystified: How to Determine If Your Organisation Is In Scope
Decode NIS2 scope in 6 minutes. Check if you're in scope: Annex I/II sectors, size rules, exceptions, and Member State discretion explained clearly.