Cyber resilience is becoming a strategic business question, requiring CISOs to assume business responsibility and integrate regulatory requirements into governance processes.
Germany’s NIS2 law becomes mandatory in December and obligates approximately 29,500 companies to implement standardized information security management, risk governance, and incident reporting.
The NIS2 Directive covers approximately 30,000 additional companies that must align their cybersecurity governance and technical controls with EU-wide standards.
Temporary onboarding passwords that are distributed via email or SMS and not consistently changed create unnecessary security risks for companies and violate NIS2 standards.
Data sovereignty through local cloud infrastructure is necessary but insufficient — true control requires robust identity governance and transparency over metadata, encryption keys, and access protocols.
The EU launches infringement proceedings against France and Spain for failing to transpose the NIS2 Directive into national law after the transposition deadline expired.