
NIS2 Directive: A Comprehensive Update to Cybersecurity Frameworks
NIS2 is a European Union Directive designed to significantly expand the scope of the NIS1 Directive, which was transposed into Greek legislation through Law 4577/2018. On November 28, 2024, Law 5160/2024 was adopted and immediately came into effect, transposing NIS2 into Greek law.
The new legislation introduces, among other things:
- Stricter requirements for businesses, public administration, and critical infrastructure.
- Enhanced cybersecurity obligations, including risk management, reporting requirements, and information sharing.
- Provisions covering incident response, supply chain security, encryption, and vulnerability disclosure, among other critical aspects.
The NIS2 Directive and Law 5160/2024 apply to, among others:
- All medium-sized enterprises (with more than 50 employees and an annual turnover exceeding €10 million) and large enterprises operating in sectors such as Energy, Transportation, Healthcare, Cloud Services and Data Centers, Telecommunications, Food Production and Distribution, Chemical and Pharmaceutical Manufacturing, Waste and Wastewater Management, and Courier Services.
To ensure the effective implementation of NIS2 and Law 5160/2024, the legislation introduces a series of compliance measures (Articles 14 to 17), including fines and other administrative sanctions (Articles 26 to 27):
- For breaches of obligations under Articles 21 or 23, significant entities may face administrative fines of up to €7,000,000 or 1.4% of their total global annual turnover from the previous fiscal year, whichever is higher.
- Depending on the circumstances, the operation of the business may be restricted or suspended entirely.
What We Can Do for You:
Understanding and implementing the new law can be a complex process requiring meticulous handling on both legal and technical levels. With our expertise, we can provide you with reliable advice and compliance services for the intricate issues arising from the new legislation.
Our comprehensive services include:
- Compliance Advisory
- Training
- Audit Report / Maturity Scan
- Certification Counseling
- Incident Response Plan
- Risk Assessment Report
- Legal Support in Regulatory Investigations
- Litigation Services
For more information on the new legislation and our services, read our relevant Guide (in Greek).