Skip to content

NIS2 Audits Begin on June 30: EU Launches First Compliance Controls

On the point: Official NIS2 compliance audits begin on June 30, 2024, and will verify the actual implementation of cybersecurity measures at critical infrastructures and important digital services.

Starting June 30, 2024, the first official audits on the implementation of the NIS2 Directive in the EU will commence. For compliance officers, this marks the control phase following a transition period and thus represents a measurable review of cybersecurity measures.

The National Cybersecurity Authority and responsible regulatory bodies in EU Member States will conduct systematic compliance reviews starting June 30, 2024. These are directed at operators of critical infrastructures (KRITIS) and important digital services that fall under the NIS2 Directive.

The audits will specifically verify the implementation of required cybersecurity measures: risk management systems, incident reporting obligations (reporting within 72 hours), network segmentation, access controls, and regular security testing. Companies must document that these requirements are not only formally implemented but are also operationally effective in practice.

For compliance teams, this means: deviations must be remediated by this deadline. Missing or incomplete implementations lead to warnings or fines of up to a maximum of 50 million euros or 10 percent of global annual turnover per violation. Particularly critical are deficiencies in governance, incident documentation, and security measures for supply-chain risk mitigation.


Source: news.google.com · Published June 10, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.

Share on: