Between October 2024 and January 2025, three new EU regulations* (the Network and Information Security Directive (NIS2), the Directive on the Resilience of Critical Entities (CER), and the Digital Operational Resilience Act, also known as DORA) will become applicable, once the European Member States have transposed the requirements of these Directives into national law.
All three establish a clear impetus towards cyber, operational, and technological resilience of the organisations involved. They reflect a clear shift from a reactive mode to a proactive one, from a defensive approach focusing on keeping the bad guys out to a pragmatic, forward-looking approach focusing on resilience and recovery. Moreover, they shift the responsibility and accountability for the organisation's cyber security and resilience from the CISO and his team alone to the board and, by extension, the whole organisation.
In view of these evolutions, what actions can or should you undertake to best prepare for NIS2, CER, and DORA? And what are the specific roles and responsibilities of the business versus the IT and security teams, of the board members versus all collaborators, of the internal teams versus external partners and suppliers…?
We invite you to come and exchange ideas with subject matter experts and with peers who are, just like you, investigating the best possible ways to prepare their organisation, not only to be compliant with these regulations but also to reach the level of resilience that could one day be critical for the organisation's survival.
How to perform a gap assessment on DORA, CER and NIS2 well in advance to know where you stand
How to map your gaps against your risk landscape
How to prioritise the gaps based on their impact on your organisation's critical processes, services and assets
How to develop a roadmap to address the identified gaps and prioritise them based on their impact on your organisation's critical processes, services and assets
During this CIONET Round Table, we discuss and exchange ideas with peers to prepare our organisations in the best possible way to become resilient and compliant with the newest regulations.