In brief: CEOs and board members in critical infrastructure must complete regular cybersecurity training starting in December.
The NIS2 Directive obligates executives at critical infrastructure operators and essential service providers to undergo regular cybersecurity training starting in December. This requirement becomes part of the compliance obligations for boards and management.
The national implementation of the EU’s NIS2 Directive stipulates that executives at operators of critical infrastructure and providers of essential services are required to participate regularly in cybersecurity training. This obligation becomes effective in December of this year and directly affects board members and management of affected companies.
The aim of the regulation is to ensure that board-level executives develop a fundamental understanding of cybersecurity risks and their consequences for the organization. This enables those responsible to make informed decisions on cybersecurity and exercise the necessary strategic oversight. The training should create appropriate risk awareness and establish the importance of security measures in day-to-day operations.
Affected organizations must ensure that their executives complete the required training and can document completion. This is part of the broader compliance requirements of the NIS2 Directive, which regulates not only technical measures but also organizational and governance aspects of cybersecurity.
Source: news.google.com · Published May 31, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.2.