Question 1

What is the NIS2 Directive?

Accepted Answer

It is the European directive on network and information systems security, establishing cybersecurity obligations for essential and important entities.

Question 2

Is my company covered by NIS2?

Accepted Answer

It depends on sector and size. NIS2 covers sectors such as energy, transport, health, digital infrastructures, among others.

Question 3

What are the main NIS2 obligations?

Accepted Answer

Risk management, security measures, incident notification, cybersecurity governance and management accountability.

Question 4

How long do I have to notify an incident?

Accepted Answer

NIS2 provides initial notification in 24h, update in 72h and final report in 1 month. Specific deadlines may vary.

Question 5

What are the penalties for non-compliance?

Accepted Answer

NIS2 provides significant fines, potentially reaching millions of euros or percentage of turnover, depending on entity category.

Question 6

Do I need cybersecurity certification?

Accepted Answer

NIS2 does not require mandatory certification, but it may be required in specific sectors or by contractual requirements.

Question 7

Does management have personal liability?

Accepted Answer

NIS2 provides for management accountability, including mandatory training and possible personal sanctions.

Question 8

How does it relate to GDPR?

Accepted Answer

They are complementary. GDPR focuses on personal data protection; NIS2 on network and systems security. Both require security measures.

Cybersecurity

When it makes sense

What is included

How it works

Assessment

Planning

Implementation

Monitoring

Information needed to start

Timeframes and influencing factors

Frequently asked questions

Related Services

GDPR & LGPD

Artificial Intelligence

Startups & Tech

Need cybersecurity support?