NIS2 & Law 5160/2024 – Compliance for Businesses
The NIS2 Directive is the European Union’s new cybersecurity legislation, significantly expanding the scope of NIS1. In Greece, the NIS2 Directive has been transposed into national law through Law 5160/2024, which came into effect on November 28, 2024, replacing Law 4577/2018.
What Changes with NIS2
The new legislation introduces, among other things:
- Stricter obligations for businesses, public administrations, and critical infrastructure.
- Enhanced cybersecurity measures, such as risk management, mandatory reporting requirements, and information sharing.
- Mandatory compliance with security standards, including incident response, encryption, and supply chain security.
Who is Affected by NIS2 and Law 5160/2024?
Law 5160/2024 applies to medium and large enterprises (50+ employees or an annual turnover exceeding €10 million) in sectors such as:
- Energy, Transport, Healthcare
- Cloud Services & Data Centers, Telecommunications
- Food Production & Distribution, Pharmaceutical & Chemical Products
- Waste & Wastewater Management, Courier Services
Penalties for Non-Compliance
Businesses that fail to comply with the requirements of NIS2 and Law 5160/2024 may face:
- Administrative fines of up to at least €7,000,000 or up to 1.4% of their total global annual turnover for the previous financial year if they violate the obligations of Articles 21 or 23.
- Potential restrictions or even suspension of business operations, depending on the circumstances.
How We Can Help
Understanding and implementing the new law can be a complex process that requires careful handling both legally and technically. With our expertise, we can provide reliable advice and compliance services on complex issues related to the NIS2.
Our comprehensive services include:
- Compliance Consulting
- Training
- Audit Report / Maturity Scan
- Certification Counseling
- Incident Response Plan
- Risk Assessment Report
- Litigation Services
- Legal Support in Regulatory Audits
For more information on NIS2 Directive and our services, read our relevant Guide in Greek here
Nothing in this publication shall be construed as legal advice. The publication is necessarily generalised. Professional advice should therefore be sought before any action is undertaken based on this publication.