NIS2 and DORA

The European Union has introduced two key regulations to strengthen the digital resilience of organizations: the NIS2 Directive and the DORA Regulation. These regulatory frameworks impose new and stringent obligations across a wide range of sectors, aiming to ensure a high and common level of cybersecurity throughout the single market.

What is the NIS2 Directive?

The NIS2 Directive (Network and Information Systems Directive 2) is an evolution of the previous NIS Directive and aims to enhance the security of networks and information systems within the EU. It significantly expands the range of sectors considered critical for society and the economy, including, among others, healthcare, transport, energy, digital services, and public administration.

Key points of NIS2 include:

  • Risk Management: Companies are required to adopt appropriate technical and organizational measures to manage risks to the security of their information systems.
  • Notification Obligations: Organizations must promptly notify competent authorities and, in some cases, their service recipients, of significant security incidents.
  • Supply Chain Security: Special attention is given to security across the entire supply chain, requiring the assessment and management of risks related to all suppliers.

Penalties for non-compliance:

  • Direct management responsibility
    Directors and those in managerial positions are personally liable for failing to implement the required security measures, which may result in legal consequences and penalties under Article 38 of Legislative Decree 138/2024 (implementing the NIS2 Directive). Regulatory authorities may remove or disqualify directors or individuals with managerial responsibility.
  • Suspension of operations
    Temporary suspension of business activities and services until the company demonstrates compliance with the directive.
  • Financial penalties
    Up to €10 million or 2% of the global annual turnover (whichever is higher).

What is the DORA Regulation?

The DORA Regulation (Digital Operational Resilience Act) is specifically designed for the financial sector and its critical ICT service providers. Its goal is to ensure that the European financial system can withstand, respond to, and recover from any type of threat or disruption related to information and communication technologies.

Our NIS2 and DORA Services:

  • Initial NIS2 and DORA compliance assessment
  • Technical and organizational adaptation plan
  • Staff training and awareness programs
  • Ongoing support and periodic audits