amr/hermes-brain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Reorganize brain: projects/ top level, rename filenames, update homepage

Browse Source 
- Moved everything from ideas/passepartout/ to projects/passepartout/
- Moved legal structures to projects/flags/
- Created missing _index.org files for all subdirectories
- Stripped redundant passepartout- prefix from filenames
- Rewrote root _index.org as generalized brain index (projects + concepts)
- Updated Hugo nav to Projects/Concepts
- Updated build script section descriptions
- Deleted stale ideas/passepartout-economics.md orphan
This commit is contained in:
Hermes
2026-05-24 18:54:14 +00:00
parent 4b60244919
commit 0a8e77e949
119 changed files with 177 additions and 127 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
projects/passepartout/strategy/compliance/nis2.org Normal file
View File

@@ -0,0 +1,35 @@
:PROPERTIES:
:ID: 748db16a-1382-4e5e-8812-a5d57a8de131
:ID: auto-nis2
:CREATED: [2026-05-23 Sat]
:END:
#+title: NIS 2 Directive (EU Network and Information Security)
#+filetags: :passepartout:compliance:framework:nis2:
EU directive (effective October 2024, member states transpose by October 2025).
Replaces NIS (2016). Expands scope from 7 sectors to 15, covering: energy,
transport, banking, financial market infrastructure, health, drinking water,
wastewater, digital infrastructure, ICT service management, public administration,
space, postal services, food, chemicals, manufacturing (critical products).
Key requirements: risk management measures (supply chain security, incident
handling, business continuity), incident notification (24-hour early warning,
72-hour full report), C-level accountability (management can be held personally
liable for non-compliance), supply chain security for critical vendors.
Who must comply: ~160,000 entities across EU (up from ~30,000 under NIS).
Two tiers: essential (strict) and important (moderate). Extraterritorial — any
organization providing services to EU entities in covered sectors.
Penalties: Up to 10M EUR or 2% of global turnover (essential entities). Personal
liability for management.
Why it matters: NIS2 is the largest European cybersecurity mandate ever.
Every requirement maps to a gate rule: supply chain access verification,
incident notification triggers, business continuity approval chains. First-mover
advantage is urgent — the transposition deadline is October 2025 (17 months).
Organizations need gate packages now. No competitor has a declarative gate
model that maps to NIS2 requirements. $50K/yr NIS2 gate package is a fast sell.
** [[id:06fcdb02-2643-4f9d-ab41-e711a99cc390][EU AI Act]]