
NIS2 Compliance: Fines Up to €15 Million from October

The point: With the implementation of NIS2 in October, penalties for non-compliance will increase to up to €15 million.

The NIS2 Directive enters into force in October. From that point on, CISOs must be prepared for substantial fines if compliance requirements are not met.

The NIS2 Directive (Network and Information Security) enters into force in October of this year and considerably tightens cybersecurity regulation for companies. It affects operators of critical infrastructure as well as providers of essential services in energy, transport, water, health, digital infrastructure and other sectors.

Penalties for violations of NIS2 requirements reach up to €15 million, depending on the severity and circumstances of the violation. This applies in particular to insufficient governance, a lack of technical security measures, or failure to fulfil reporting obligations when incidents occur. The exact amount depends on the national implementation and the responsible supervisory authority.

For CISOs, this means heightened responsibility for fully documenting and implementing security standards. This includes risk management processes, penetration testing, incident response plans, and collaboration with authorities. Companies should use the remaining time until October to review their compliance status and close any gaps.


Source: news.google.com · Published June 29, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification via Lumi News Pipeline v1.7.2.
