{"id":20821,"date":"2024-05-24T16:33:21","date_gmt":"2024-05-24T14:33:21","guid":{"rendered":"https:\/\/brandcompliance.com\/?post_type=docs&#038;p=20821"},"modified":"2026-03-27T10:37:34","modified_gmt":"2026-03-27T09:37:34","password":"","slug":"nis2-liability","status":"publish","type":"docs","link":"https:\/\/brandcompliance.com\/en\/docs\/nis2-liability\/","title":{"rendered":"NIS2 liability for board members"},"content":{"rendered":"<p>In this article we inform you about the NIS2 liability for board members. The <a href=\"https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/?uri=CELEX%3A32022L2555\" rel=\"noopener\">Network and Information Security (NIS2) directive<\/a> represents a shift in the approach to cybersecurity within the European Union. The NIS2 Directive expands the responsibilities of organizations. In doing so, it imposes requirements on the boards of both <strong><em>essential<\/em><\/strong> and <strong><em>important<\/em><\/strong> entities.<\/p>\n<p><span class=\"jCAhz ChMk0b\"><span class=\"ryNqvb\">The NIS2 regulations have come into effect from the end of 2024.<\/span><\/span> <span class=\"jCAhz ChMk0b\"><span class=\"ryNqvb\">This makes it necessary for many companies to take measures and implement cybersecurity.<\/span><\/span> <span class=\"jCAhz ChMk0b\"><span class=\"ryNqvb\">Would you like to know whether your organization is subject to NIS2 liability?<\/span><\/span> <span class=\"jCAhz ChMk0b\"><span class=\"ryNqvb\">Via <a href=\"https:\/\/nis2directive.eu\/who-are-affected-by-nis2\/\" rel=\"noopener\">this link<\/a> you will find extensive information and you can check whether NIS2 applies to your organization.<\/span><\/span><\/p>\n<h2><strong><img decoding=\"async\" class=\"alignright wp-image-20817\" src=\"http:\/\/brandcompliance.com\/wp-content\/uploads\/2024\/05\/pexels-cqf-avocat-188397-613508_web2-300x266.jpg\" alt=\"NIS2 liability\" width=\"218\" height=\"194\" 
srcset=\"https:\/\/brandcompliance.com\/wp-content\/uploads\/2024\/05\/pexels-cqf-avocat-188397-613508_web2-300x266.jpg 300w, https:\/\/brandcompliance.com\/wp-content\/uploads\/2024\/05\/pexels-cqf-avocat-188397-613508_web2-768x680.jpg 768w, https:\/\/brandcompliance.com\/wp-content\/uploads\/2024\/05\/pexels-cqf-avocat-188397-613508_web2-600x531.jpg 600w, https:\/\/brandcompliance.com\/wp-content\/uploads\/2024\/05\/pexels-cqf-avocat-188397-613508_web2.jpg 810w\" sizes=\"(max-width: 218px) 100vw, 218px\" \/>NIS2 obligations <\/strong><\/h2>\n<p>One of the most striking changes is the explicit NIS2 liability imposed on management. Boards of essential and important entities are directly liable for compliance.<\/p>\n<p>To meet its responsibilities, management must:<\/p>\n<ul>\n<li>adopt cybersecurity risk management measures, as required by Article 18;<\/li>\n<li>monitor the implementation of the directive;<\/li>\n<li>take responsibility for compliance with the directive.<\/li>\n<\/ul>\n<p>It is therefore important for directors to be proactive in managing cybersecurity and remain alert to potential threats.<\/p>\n<h3><strong>Cybersecurity training <\/strong><\/h3>\n<p>Board members and management should be trained in cybersecurity so that they can effectively fulfill their responsibilities and liabilities. After all, members of management teams should be well equipped to evaluate cybersecurity risks and understand the impact on business operations. This is achieved by attending cybersecurity training courses. Directors should have demonstrably participated in such training.<\/p>\n<h2><strong>Who will be the supervisor of NIS2? 
<\/strong><\/h2>\n<p>The enforcement of NIS2 lies with national authorities.\u00a0These aim to achieve a high level of cybersecurity in their country.<\/p>\n<p><span class=\"jCAhz ChMk0b\"><span class=\"ryNqvb\">However, there are situations where sanctions may be necessary.<\/span><\/span> <span class=\"jCAhz ChMk0b\"><span class=\"ryNqvb\">National authorities have the following powers for this purpose:<\/span><\/span><\/p>\n<ul>\n<li>carry out inspections to verify compliance with cybersecurity risk management measures and incident reporting rules;<\/li>\n<li>conduct regular conformity assessments of essential entities;<\/li>\n<li>initiate information requests to assess an entity&#8217;s controls.<\/li>\n<\/ul>\n<h3><strong>Phased approach <\/strong><\/h3>\n<p>Cyber risks can escalate rapidly and have a significant impact. That is why national authorities have the power to intervene immediately, with a range of controls. The NIS2 directive takes a phased approach to compliance and sanctions. This starts with warnings. 
In case of continued non-compliance, binding instructions and fines follow.<\/p>\n<h3><strong>NIS2 fines <\/strong><\/h3>\n<p>Non-compliance can result in the following sanctions, among others:<\/p>\n<ul>\n<li>warnings and binding instructions to correct deficiencies;<\/li>\n<li>requirements to stop certain activities;<\/li>\n<li>obligations to adjust risk management measures;<\/li>\n<li>disclosure of non-compliance and publication of the responsible individuals or organizations;<\/li>\n<li>fines ranging from a minimum of \u20ac500 to a maximum of \u20ac10,000,000.<\/li>\n<\/ul>\n<p>Essential entities may additionally face specific controls such as appointing a supervisory officer and, if necessary, temporarily preventing individuals in management positions from carrying out their responsibilities.<\/p>\n<h2><strong>NIS2 liability <\/strong><\/h2>\n<p>The introduction of NIS2 liability for management emphasizes the importance of directors playing an active and informed role in cybersecurity. Due to the potential legal and financial consequences of non-compliance, they must take these responsibilities seriously. 
It is important that directors take the <a href=\"https:\/\/brandcompliance.com\/en\/docs\/cyberfundamentals-nis2\/\">necessary steps<\/a> to adequately protect their organizations against cyber threats.<\/p>\n<h4><span class=\"jCAhz ChMk0b\"><span class=\"ryNqvb\">Prepare your organization!<\/span><\/span><\/h4>\n<p><span class=\"jCAhz ChMk0b\"><span class=\"ryNqvb\">Want to learn more about NIS2 and what we can do for you?<\/span><\/span> <span class=\"jCAhz ChMk0b\"><span class=\"ryNqvb\">Our experts are happy to discuss this topic with you.<\/span><\/span><\/p>\n<p><span class=\"jCAhz ChMk0b\"><span class=\"ryNqvb\">\ud83d\udcde <strong>Contact us today<\/strong> for a free consultation or request more information about a training, certification, or verification.<\/span><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this article we inform you about the NIS2 liability for board members. The Network and Information Security (NIS2) directive represents a shift in the&#8230;<\/p>\n","protected":false},"author":22,"featured_media":20817,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"doc_category":[2366],"doc_tag":[],"class_list":["post-20821","docs","type-docs","status-publish","has-post-thumbnail","hentry","doc_category-nis2-en"],"acf":[],"year_month":"2026-04","word_count":546,"total_views":"3643","reactions":{"happy":"0","normal":"0","sad":"0"},"author_info":{"name":"Hilde","author_nicename":"hilde","author_url":"https:\/\/brandcompliance.com\/en\/author\/hilde\/"},"doc_category_info":[{"term_name":"NIS2 
Directive","term_url":"https:\/\/brandcompliance.com\/en\/docs-category\/nis2-en\/"}],"doc_tag_info":[],"knowledge_base_info":[],"knowledge_base_slug":[],"_links":{"self":[{"href":"https:\/\/brandcompliance.com\/en\/wp-json\/wp\/v2\/docs\/20821","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/brandcompliance.com\/en\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/brandcompliance.com\/en\/wp-json\/wp\/v2\/types\/docs"}],"author":[{"embeddable":true,"href":"https:\/\/brandcompliance.com\/en\/wp-json\/wp\/v2\/users\/22"}],"replies":[{"embeddable":true,"href":"https:\/\/brandcompliance.com\/en\/wp-json\/wp\/v2\/comments?post=20821"}],"version-history":[{"count":3,"href":"https:\/\/brandcompliance.com\/en\/wp-json\/wp\/v2\/docs\/20821\/revisions"}],"predecessor-version":[{"id":25467,"href":"https:\/\/brandcompliance.com\/en\/wp-json\/wp\/v2\/docs\/20821\/revisions\/25467"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/brandcompliance.com\/en\/wp-json\/wp\/v2\/media\/20817"}],"wp:attachment":[{"href":"https:\/\/brandcompliance.com\/en\/wp-json\/wp\/v2\/media?parent=20821"}],"wp:term":[{"taxonomy":"doc_category","embeddable":true,"href":"https:\/\/brandcompliance.com\/en\/wp-json\/wp\/v2\/doc_category?post=20821"},{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/brandcompliance.com\/en\/wp-json\/wp\/v2\/doc_tag?post=20821"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}