amr/hermes-brain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0a8e77e9492bbe281d7f11ee39690dfa2d41bb02
hermes-brain/projects/passepartout/strategy/compliance/nis2.org
Hermes 0a8e77e949 Reorganize brain: projects/ top level, rename filenames, update homepage 
- Moved everything from ideas/passepartout/ to projects/passepartout/
- Moved legal structures to projects/flags/
- Created missing _index.org files for all subdirectories
- Stripped redundant passepartout- prefix from filenames
- Rewrote root _index.org as generalized brain index (projects + concepts)
- Updated Hugo nav to Projects/Concepts
- Updated build script section descriptions
- Deleted stale ideas/passepartout-economics.md orphan
2026-05-24 18:54:14 +00:00

36 lines
1.7 KiB
Org Mode
Raw Blame History

:PROPERTIES:
:ID: 748db16a-1382-4e5e-8812-a5d57a8de131
:ID: auto-nis2
:CREATED: [2026-05-23 Sat]
:END:
#+title: NIS 2 Directive (EU Network and Information Security)
#+filetags: :passepartout:compliance:framework:nis2:
EU directive (effective October 2024, member states transpose by October 2025).
Replaces NIS (2016). Expands scope from 7 sectors to 15, covering: energy,
transport, banking, financial market infrastructure, health, drinking water,
wastewater, digital infrastructure, ICT service management, public administration,
space, postal services, food, chemicals, manufacturing (critical products).
Key requirements: risk management measures (supply chain security, incident
handling, business continuity), incident notification (24-hour early warning,
72-hour full report), C-level accountability (management can be held personally
liable for non-compliance), supply chain security for critical vendors.
Who must comply: ~160,000 entities across EU (up from ~30,000 under NIS).
Two tiers: essential (strict) and important (moderate). Extraterritorial — any
organization providing services to EU entities in covered sectors.
Penalties: Up to 10M EUR or 2% of global turnover (essential entities). Personal
liability for management.
Why it matters: NIS2 is the largest European cybersecurity mandate ever.
Every requirement maps to a gate rule: supply chain access verification,
incident notification triggers, business continuity approval chains. First-mover
advantage is urgent — the transposition deadline is October 2025 (17 months).
Organizations need gate packages now. No competitor has a declarative gate
model that maps to NIS2 requirements. $50K/yr NIS2 gate package is a fast sell.
** [[id:06fcdb02-2643-4f9d-ab41-e711a99cc390][EU AI Act]]
Reference in New Issue View Git Blame Copy Permalink