In 2024, companies operating in the EU need to implement two major pieces of EU cybersecurity legislation: DORA and NIS 2.
Digital Operational Resilience Act (DORA)
DORA is the first comprehensive cyber resilience regulation for the financial sector. It is directly applicable to all companies in scope operating on the EU market, with a compliance deadline of January 2025. While the scope is more limited than NIS 2, the requirements are more specific. A major challenge in DORA implementation is the critical ICT supplier management and assessment requirements, together with the close collaboration needed between different teams (legal, cyber, IT, purchasing, risk, ...) within the entity to ensure the implementation of DORA's comprehensive measures.
What can companies do to implement DORA? Identify whether national regulator guidance imposes stricter rules. Plan, implement and check the implementation of each legal requirement. Pay attention to contract management and critical ICT supplier management.
Network and Information System Security Directive (NIS 2)
NIS 2 regulates 18 critical sectors, including energy, health, transport, ICT service management and manufacturing, amongst others, and by extension applies to their supply chain. It imposes cybersecurity, risk management and incident reporting obligations. Major challenges for companies implementing NIS 2 are supply chain management, including evidencing compliance, and meeting the prompt incident reporting deadlines.
What can companies do to implement NIS 2? First, identify whether the national law transposing the EU NIS 2 Directive in your (or your clients') country imposes stricter rules. Then, plan, implement and check the implementation of each legal requirement. Pay attention to the cybersecurity incident notification deadline and process!
Your cybersecurity compliance contact: Iva Tasheva, Co-Founder, Cyen, phone: +32 493 405 612, email: iva.tasheva@CyEn.eu