Field notes from the SOC and the audit room.
Two new posts a month. Written by the people who run the platform.
NIS2 in Germany: How the New BSI-Gesetz Transposes the EU Directive
Germany transposed NIS2 through the NIS2UmsuCG of 5 December 2025, replacing the BSI-Gesetz in full. Scope, BSI authority, KRITIS rules, incident reporting, fines and what to do this quarter.
NIS2 in Belgium: How the Law of 26 April 2024 Transposes the EU Directive
Belgium transposed NIS2 through the Law of 26 April 2024, designating the CCB, NCCN and sectoral regulators as the institutional pillars. What every essential and important entity needs to know after twenty months in force.
NIS2 in Luxembourg: How the Law of 5 May 2026 Transposes the EU Directive
Luxembourg transposed NIS2 through the Law of 5 May 2026, designating ILR, HCPN and CIRCL as the institutional pillars. What every essential and important entity needs to know.
Coordinated Vulnerability Disclosure: A New Framework for Researchers
Understand the coordinated vulnerability disclosure framework under NIS2 Article 12. Learn how researchers, vendors, and CSIRTs interact in Europe's new CVD process.
NIS2 for Manufacturing: Cars, Electronics, and Machinery
Understand NIS2 requirements for manufacturers of vehicles, electronics, and machinery. Learn what 'important entities' must implement under Annex II.
Proportionality in Practice: Right-Sizing Your NIS2 Measures
Master NIS2 proportionality requirements. Learn how to assess, scale, and justify cybersecurity measures for essential and important entities.
NIS2 for the Financial Sector: Understanding the DORA Relationship
NIS2 and DORA for financial sector: understand how cybersecurity frameworks overlap for banks, payment institutions, and investment firms.
Cooperation Group, CSIRTs Network, EU-CyCLONe: EU Coordination at Scale
NIS2 cross-border coordination: Cooperation Group, EU-CyCLONe platform, and CSIRT network for collective incident response and intelligence sharing.
Cybersecurity Certification and Standards Under NIS2
NIS2 certification and standards under Articles 24-25: EU schemes, ISO 27001, and security certification requirements for designated entities.
National Cybersecurity Strategies Under NIS2: What Article 7 Requires
NIS2 Article 7 requirements for national strategies: policy framework, sectoral governance, research, and risk assessment mandates for Member States.
NIS2 for MSPs and MSSPs: From Vendor to Regulated Entity
NIS2 scope for MSPs and MSSPs: understand how managed service providers become regulated entities under Annex I, Sector 9.
NIS2 and GDPR: Where Cybersecurity Meets Data Protection
Understand the NIS2-GDPR overlap: how cybersecurity obligations under NIS2 Articles 21 and 35 complement the data protection requirements of GDPR Articles 32 and 33-34.
What Makes an Incident 'Significant'? Understanding the Reporting Threshold
Understand NIS2's significant incident threshold under Article 23(3): criteria for mandatory 24-hour reporting to authorities and CSIRTs.
NIS2 for Transport: Aviation, Rail, Maritime, and Road
NIS2 for transport sector: understand obligations for aviation, rail, maritime, and road operators under Annex I, Sector 2.
The NIS2 Institutional Architecture: Authorities, CSIRTs, and Contact Points
Understand NIS2's governance structure: competent authorities, CSIRTs, single contact points, and their roles in incident response and coordination.
Administrative Fines Under NIS2: The EUR 10M and EUR 7M Frameworks
Understand NIS2 administrative fines under Articles 34-35: up to EUR 10 million or 2% of worldwide annual turnover for essential entities, up to EUR 7 million or 1.4% for important entities. Enforcement, appeals, and mitigation.
NIS2 for Healthcare: Hospitals, Pharma, and Medical Device Manufacturers
NIS2 for healthcare sector: understand obligations for hospitals, pharmaceutical manufacturers, and medical device makers under Annex I, Sector 5.
NIS2, CER Directive, and DORA: Navigating Overlapping Frameworks
Navigate overlapping EU cybersecurity regulations: NIS2, DORA, and CER. Understand scope, Article 4 distinctions, and governance architecture.
The All-Hazards Approach: Why NIS2 Goes Beyond Digital Threats
NIS2 Article 21 mandates all-hazards approach: cyber, physical (fire, theft, flooding) and environmental security. Learn what this means in practice.
NIS2 for Digital Infrastructure: Cloud, Data Centres, DNS, and CDNs
The NIS2 digital infrastructure sector (cloud, data centres, DNS, CDNs) is the most harmonised across Member States. Implementing acts, the ENISA registry, and compliance guidance explained.
Essential vs. Important Entities: Classification, Obligations, and Supervision
Understand NIS2 essential and important entity classification. Differences in obligations, supervision, and enforcement implications explained clearly.
NIS2 Enforcement Powers: What Regulators Can Do and How to Prepare
Understand NIS2 enforcement powers (Articles 32-34). What regulators can do, penalty tiers, serious infringements, and how to minimize enforcement risk.
NIS2 for the Energy Sector: Compliance Across Electricity, Oil, Gas, and Hydrogen
Energy sector NIS2 guide covering electricity, oil, gas, hydrogen, nuclear considerations, supply chain vulnerabilities, and implementation roadmap.
Supply Chain Security Under NIS2: Managing Third-Party Risk
Master NIS2 supply chain security (Article 21(2)(d)). Vendor assessment, contractual controls, monitoring, and coordinated risk assessments explained.
The NIS2 Incident Reporting Framework: Step-by-Step Guide
Master NIS2 incident reporting: 24-hour and 72-hour timelines, notification process, what to report, and how to comply with Article 23.
Board-Level Cybersecurity Accountability Under NIS2
NIS2 Article 20 makes boards liable for cybersecurity. Understand governance requirements, approval duties, oversight, training, and personal liability.
Article 21 Decoded: The 10 Cybersecurity Risk-Management Measures
Master NIS2 Article 21's 10 mandatory cybersecurity risk-management measures. Detailed breakdown with implementation guidance for each measure.
From NIS1 to NIS2: What Changed and Why It Matters
Understand the evolution from NIS1 to NIS2. Learn scope expansion, fragmentation fixes, enforcement changes, and what matters for your compliance.
NIS2 Scope Demystified: How to Determine If Your Organisation Is In Scope
Decode NIS2 scope in 6 minutes. Check if you're in scope: Annex I/II sectors, size rules, exceptions, and Member State discretion explained clearly.
The Ultimate Guide to NIS2 Compliance: Everything You Need to Know
Complete NIS2 compliance guide covering scope, obligations, reporting, enforcement, and sectors. Essential reading for CISOs and compliance teams.