CCNet

CCNet

Dec 4, 2023   •  1 min read

Navigating The NIS2 Directive - who determines wether your company falls under its purview?

Navigating the NIS2 Directive: Who determines whether your company falls under its purview?

The NIS2 Directive, with its expansive scope, has far-reaching implications for companies within the EU. But who decides whether your company falls under its purview? Understanding the scope of this directive is essential for navigating the complex landscape of compliance. This article highlights the process and identifies those responsible for making this important decision regarding the directive's scope and applicability to your business.

The decision-making process

The determination of whether a company is affected by the NIS2 Directive lies in the hands of the national supervisory authorities of the EU member states. These authorities are responsible for monitoring and enforcing compliance with the NIS2 Directive, a task that determines a company’s obligations under the law.

Step 1: Self-assessment

Companies must undertake a self-assessment based on NIS2 criteria, focusing on aspects like company size and the importance of their critical infrastructure.

Step 2: Professional advice

For assistance, companies may seek guidance from consultants and legal experts to gain a comprehensive assessment of their position concerning the NIS” Directive.

Step 3: Exchange with the supervisory authority

To gain additional clarity, companies should directly engage with the relevant nation supervisory authority.

Step 4: Formal decision

The national authority, after evaluating the company’s provided information and other pertinent factors, will issue a formal decision regarding the NIS2 Directive’s applicability.

Step 5: Registration and Compliance

Companies falling under the NIS2 Directive are registered accordingly and undergo regular audits to verify compliance.

Conclusion

It is essential that companies act proactively and, if in doubt, contact the relevant authorities or qualified advisors. By seeking early clarification and ensuring compliance, companies can meet all legal requirements and safeguard themselves against potential risks.

Effective cybersecurity reporting: Tips for creation, documentation, and forwarding

Effective cybersecurity reporting: Tips for creation, documentation, and forwarding

The creation, documentation, and forwarding of cybersecurity reports are essential tasks to keep an eye on a company's security posture and communicate transparently. Below are the key steps to establish an efficient process for cybersecurity reports. It is not only about technical documentation but also about organizing information flows and ...

CCNet

CCNet

Apr 11, 2025   •  3 min read

Compliance register: a central tool for effective compliance monitoring

Compliance register: a central tool for effective compliance monitoring

## Compliance Register: A Central Tool for Effective Compliance Monitoring   A compliance register is an essential component of robust compliance management. It enables the systematic recording and monitoring of all legal and regulatory requirements, internal policies, and contractual obligations. Regular updates of this register ensure that companies consistently meet the latest ...

CCNet

CCNet

Apr 9, 2025   •  3 min read

Monitoring and documentation of legal and regulatory requirements related to cybersecurity

Monitoring and documentation of legal and regulatory requirements related to cybersecurity

Monitoring and Documentation of Legal and Regulatory Requirements in Cybersecurity The goal of this process is to ensure continuous compliance with all legal and regulatory requirements in the field of cybersecurity. A clear overview of laws, regulations, and standards contributes to ensuring compliance and protects the company's IT security. Process ...

CCNet

CCNet

Apr 7, 2025   •  2 min read