What NIS2 Means for Senior Leaders and Global Organisations

Our legal experts shared their insights on the new NIS2 Directive with the Business Post as part of its Power of Data Report.

NIS2, the EU’s updated Network and Information Security Directive, is due to be transposed in Ireland by the end of 2025/beginning of 2026. It introduces new obligations on registration, risk management, board responsibility, incident reporting and training.

Julie Austin, Partner in our Data & Technology team, underlined the shift in accountability:

“Cyber security can no longer be left to the IT team. Senior management in each jurisdiction is now responsible for compliance. The stakes are high, with direct accountability for boards and senior management for compliance failings.”

The directive presents added complexity for multinational organisations, as Ciara O’Rourke, Associate in our Data & Technology team, explained:

“Under these new rules, the same cyber incident may need to be reported separately in 27 different Member States within 24 hours. This is creating inefficiencies and duplication.”

Organisations are encouraged to act early by mapping obligations, upskilling management and monitoring national developments. We are working with clients to help them navigate this complexity and take practical steps to prepare for the new rules.

Read the full article or find out more about our Cyber Security team.