In addition to the existing strict requirements for critical infrastructure, the EU NIS2 Directive imposes special IT security requirements on many businesses and organisations. The implementation of this directive into national law has significantly expanded cybersecurity obligations, with strict liability rules and severe penalties. In addition, further requirements apply to digital products under the EU Cyber Resilience Act (CRA) and to IT services in the financial sector under the Digital Operational Resilience Act (DORA).
We provide comprehensive advice to our clients on identifying and implementing the obligations that apply to them under national and EU IT security law. One focus is reliably determining the individually applicable regulations. In particular, we offer a NIS2 impact analysis for businesses and organisations that are active in one of the various sectors covered by the NIS2 Directive, including digital service providers, manufacturers, and food businesses. This allows our clients to understand how they are affected by the different obligations.
In addition, we provide support in structuring and accompanying compliance schemes and coordinate their specific implementation in close cooperation with our technical experts. This includes determining the required level of cybersecurity, designing governance, risk management and reporting policies, and carrying out the implementation needed to achieve the required state of the art.
In this way, we combine our legal experience with a deep understanding of the technical and organisational requirements to create solutions that are both legally compliant and practical for your day-to-day business.