NIS2

Access the NIS2 compliance process now

Learn more

Take the first step towards NIS2 compliance

The NIS 2 Directive is a regulation adopted by the European Union to enhance cybersecurity and the resilience of critical infrastructures. NIS2 introduces risk management for cybersecurity, promotes cooperation and information sharing among member states, and enforces strict penalties for non-compliance. While it is not mandatory for all entities, the organizations affected must assess and identify security vulnerabilities and implement a corrective action plan.

What is required to comply with NIS2?

Achieving NIS2 compliance is a journey that affects every area of the company: technical, organisational, operational, managerial, legal, and administrative. Failing to comply or implementing incorrect procedures can result in penalties that vary in severity depending on the entity involved. It is therefore crucial to consider several aspects before proceeding, such as:

Legal Expertise

External legal expertise is required to handle all procedural activities, such as audits, minutes, and documentation.

Technical Expertise

Both internal and external technical expertise is essential to implement all the necessary systems to secure the company's infrastructure and network.

Governance Expertise

Finally, it becomes crucial to coordinate the previous expertise to address all gaps, both technical and legal, in order to ensure proper compliance and avoid penalties.

What are the deadlines for NIS2 compliance?

From January 1 to February 28, 2025

Companies must register on the ACN platform, indicating their business sector and a point of contact.

Scopri di più →
By March 31, 2025

It is the final deadline by which the ACN prepares the list of essential and important entities and communicates it to them through the platform.

From April 15 to May 31, 2025

Entities must communicate and/or update the ACN with additional information to enable inspections.

By December 31, 2025

Entities must comply with the obligations related to incident reporting.

By September 30, 2026

Entities must comply with all other obligations defined by the regulation.

The Challenges of the NIS2 Directive

Lack of clarity in the details

The broad scope that defines the entities subject to the regulation makes it challenging to determine whether an organization is required to comply or not.

Lack of awareness on the topic

The objective of the NIS2 regulation, which is to enhance cybersecurity and the resilience of critical infrastructures, is not perceived as a priority by the majority of Italian companies.

Strict deadlines and timelines

The Italian regulation entails several deadlines and requirements, including registration on the ACN portal, the implementation of planned systems, and periodic control audits.

Risk of penalties

Embarking on NIS2 compliance incorrectly or partially can result in severe penalties, such as fines, legal liability, compliance orders, or revocation of licenses.