NIS2: Validato AG Addresses Human-Risk Gap in Risk Management

The bottom line: Validato AG offers a risk management framework that operationalizes human error and behavior as an explicit component of NIS2 §30 compliance.

Validato AG positions itself as addressing a compliance gap in implementing NIS2 requirements: the regulation explicitly requires risk management measures in §30, but does not explicitly address the management of human-risk factors such as security behavior and error rates in the workforce.

The NIS2 Directive obligates operators of critical infrastructures and important digital service providers to establish systematic risk management according to §30. This includes the identification, analysis, and treatment of cyber risks. In practice, a regulatory gap has emerged: while technical and organizational measures are clearly defined, the systematic capture and management of human-risk factors (such as phishing susceptibility, insufficient awareness, or process errors) often remains underspecified.

For CISOs, this is relevant because human error continues to be one of the largest attack vector categories. Where NIS2 requires technical controls but does not explicitly call for human-risk assessment and risk scoring, interpretation gaps arise. Compliance audits could either be too lenient or subsequently uncover deficiencies.

Validato AG offers, according to its own description, a framework that operationalizes human risk as a component of §30 risk management, with metrics, assessment procedures, and mitigation roadmaps. This enables organizations to quantify their workforce as a risk factor and integrate it into the overall risk landscape of NIS2 compliance.


Source: news.google.com · Published June 29, 2026
Lumi AI News — AI-assisted curation according to Article 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.7.2.