NIS2 Directive Compliance Training
NIS2 Art. 20 requires management bodies to approve and oversee cybersecurity risk-management measures and makes them liable for infringements. Its members must also follow training. Our NIS2 training covers scope, obligations, incident reporting, and the Croatian transposition.
NIS2 Training Curriculum
Scope & Applicability
Essential vs. important entities, sector classification (Annex I and Annex II), size thresholds and the size-independent exceptions, supply chain implications, and how to determine if NIS2 applies to your organization.
Management Body Obligations
Art. 20 liability of management bodies, mandatory training for their members (Art. 20(2)), cybersecurity governance oversight, approval of risk management measures, and consequences of non-compliance.
Risk Management Measures
Art. 21(2) requirements: risk analysis and security policies, incident handling, business continuity (backups, disaster recovery, crisis management), supply chain security, secure acquisition, development and maintenance including vulnerability handling and disclosure, assessing the effectiveness of measures, cyber hygiene and training, cryptography and encryption, HR security, access control and asset management, and multi-factor or continuous authentication.
Incident Reporting (24h/72h)
Three-stage reporting for significant incidents under Art. 23: a 24-hour early warning (including whether malicious action or cross-border impact is suspected), a 72-hour incident notification (initial assessment of severity, impact, and indicators of compromise), and a final report within one month (an intermediate report may be requested in between). What counts as a significant incident, what each stage must contain, and coordination with the CSIRT or competent authority.
Supply Chain Security
Third-party risk management, vendor due diligence, contractual security requirements, supply chain attack prevention, and monitoring supplier cybersecurity posture.
Board Responsibility & Governance
Cybersecurity as a board agenda item, delegation vs. accountability, security investment decisions, risk appetite definition, and board reporting frameworks.
Croatian Transposition
How Croatia has implemented NIS2: the Cybersecurity Act (Zakon o kibernetičkoj sigurnosti), the role of CERT.hr, the national authority structure, registration requirements, and sector-specific guidance.
Who Should Attend
For board members, CISOs, IT managers, and compliance officers responsible for NIS2 compliance and cybersecurity governance.
- 01 Board & Directors
Board members and managing directors who are liable under Art. 20 and must approve and oversee cybersecurity risk management measures.
- 02 CISOs & IT Management
Chief Information Security Officers and IT managers responsible for implementing NIS2 technical and organizational measures.
- 03 Compliance Officers
Compliance and risk management professionals overseeing NIS2 implementation, reporting, and ongoing compliance monitoring.
Regulatory Framework
NIS2 training addresses Directive (EU) 2022/2555, the EU's horizontal cybersecurity directive, which replaces the original NIS Directive (2016/1148) with substantially expanded scope and stricter requirements.
Ready to meet NIS2 training requirements?
Free 30-minute consultation: assess your NIS2 scope, plan management body training, and get a proposal.
Frequently Asked Questions
Does NIS2 apply to my organization?
NIS2 applies to medium and large organizations in 18 sectors (11 sectors of high criticality in Annex I and 7 other critical sectors in Annex II), including energy, transport, banking, health, digital infrastructure, ICT service management, and public administration; certain entity types, such as DNS and trust service providers, are covered regardless of size. 'Essential entities' face the strictest requirements and proactive supervision; 'important entities' have similar obligations with lighter supervision and lower fine ceilings. Use our NIS2 Checker tool for a quick assessment.
Is management training mandatory under NIS2?
Yes. Art. 20(2) requires Member States to ensure that 'members of the management bodies of essential and important entities are required to follow training', and encourages entities to offer similar training to employees on a regular basis. This is not optional; it is a legal obligation with liability implications for the management body.
What are the fines for NIS2 non-compliance?
Essential entities: up to €10M or 2% of total worldwide annual turnover in the preceding financial year (whichever is higher). Important entities: up to €7M or 1.4% of worldwide turnover. Additionally, management bodies can be held liable for infringements, and for essential entities the authorities may temporarily suspend certifications or authorisations and temporarily prohibit persons with managerial responsibility at CEO or legal representative level from exercising managerial functions (Art. 32(5)).
What is the NIS2 compliance timeline?
NIS2 was adopted in December 2022, entered into force on 16 January 2023, and set a transposition deadline of 17 October 2024 for member states. Croatia transposed it early through the Cybersecurity Act, in force since February 2024. Organizations should already be working on compliance, as the obligations are in effect.
How does NIS2 differ from the original NIS Directive?
NIS2 dramatically expands scope (estimated from ~300 to ~10,000+ entities in Croatia alone), introduces liability for management bodies, harmonizes incident reporting (24h early warning, 72h notification, one-month final report), mandates supply chain security, and increases fines. It also replaces the distinction between operators of essential services and digital service providers with the essential and important entity categories.
How should we prepare for NIS2?
Start with a gap assessment against the Art. 21(2) measures. Ensure management body training (Art. 20). Implement incident detection and reporting procedures that can meet the 24-hour early warning deadline. Review supply chain security and supplier contracts. Register with the competent authority as required by the Croatian Cybersecurity Act. Consider ISO 27001 certification as a foundation, noting that it does not by itself demonstrate NIS2 compliance. Our training covers all these preparation steps.
NIS2 compliance starts with trained leadership
Art. 20 liability means directors can delegate cybersecurity tasks but not accountability for them. Our NIS2 training ensures your management body understands its obligations, your team knows the reporting procedures, and your organization is prepared.