The Bottom Line: NIS2 and IGA make the control of user permissions a strategic leadership responsibility, shared by CISOs and executive management.
With the NIS2 Directive and the requirements of Identity Governance and Administration (IGA), the management of permissions moves into the focus of corporate leadership. CISOs must ensure that access is systematically controlled and documented.
The European NIS2 Directive and Identity Governance and Administration (IGA) frameworks require organisations to systematically control and document permissions across all systems. Until now, permission management was often a purely technical IT security function; it is now becoming a strategic responsibility of executive management.
The requirements address several key points: (1) Who has access to which data and systems? (2) How is this access approved and documented? (3) How are permissions regularly reviewed and outdated access removed? (4) What evidence can be presented during audits? For CISOs, this means they cannot organise these processes in isolation within IT, but must coordinate with business units, human resources and compliance teams.
This has concrete consequences: identity and access management becomes part of risk management at board level, not merely a technical compliance tool. Organisations that today still manage their permission landscapes manually or in a fragmented manner must invest in automated, traceable systems. In audits, CISOs will be asked directly for the documentation and tracking of access decisions.
Source: news.google.com · Published 30 June 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.