Key takeaway: First NIS2 compliance reviews conclude on 30 June, revealing widespread implementation gaps among critical infrastructure providers and large enterprises.
The first phase of NIS2 compliance reviews expires on 30 June. Reports indicate that many organisations have significant gaps in their implementation of the EU directive.
The European Directive on Network and Information Security (NIS2) requires critical infrastructure providers and large enterprises to meet defined security standards. The first audit phase with deadline 30 June 2024 provides initial insights into the state of implementation.
For CISOs, this deadline represents a critical assessment point: which measures have actually been implemented and which are still in the planning phase? The review typically reveals deficiencies in documentation, incident response preparation and supply chain risk management practices — areas explicitly required by NIS2.
By the deadline, organisations should reassess their compliance position and document areas where action is needed. In particular, the requirements for penetration testing, security incident reporting to authorities and governance structures often require further improvements.
Source: news.google.com · Published 26 June 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.