NIS2 Uncovered: the New Cybersecurity Rulebook for Businesses

22 maijs, 2025 pasākumi

The new NIS2 Directive (Network and Information Security Directive 2) is the EU’s most ambitious cybersecurity regulation to date. It replaces the original 2016 directive and significantly broadens both the scope and the compliance burden on businesses. If your company operates in energy, transport, banking, healthcare, digital infrastructure, or key digital services such as cloud platforms, DNS providers, or content delivery networks, you’re likely directly in scope.

But it doesn’t end there…

NIS2 also pulls in companies that provide essential services to the public sector, or that handle large volumes of sensitive or personal data — even if they’re not traditionally considered “critical infrastructure.” The reasoning is straightforward: if your operations are important enough that their disruption could cause serious societal or economic consequences, you’re part of the cybersecurity chain that NIS2 aims to reinforce.

This means the days when only telecoms and power companies worried about EU cybersecurity compliance are over. Under NIS2, even small startups, SaaS providers, logistics firms, payment processors, or digital identity services may be required to meet rigorous new obligations. The Directive casts a wide net — not based on company size alone, but on criticality, risk, and impact.

So what’s changing?

NIS2 introduces a range of mandatory cybersecurity risk management measures, along with strict incident reporting obligations, governance and oversight responsibilities, and the threat of substantial penalties. In short, the EU wants companies to treat cybersecurity like a core operational risk — not an afterthought or a delegated IT issue.

To help companies navigate these sweeping changes, the legal experts of cybersecurity from WIDEN are hosting a live webinar on 11 June. The session is designed to be informative, practical, and — yes — even a bit fun. You’ll leave with a clear understanding of what the Directive means for your business and how to get started with compliance.

Here’s what you’ll learn:

• What NIS2 is all about – A plain-language explanation of the Directive, what’s new, and why the EU felt it was necessary
• Who’s in scope (and who’s out) – Learn how to evaluate your company’s position, including borderline or complex cases
• Cybersecurity risk management – Discover the specific organizational, technical, and policy measures you’re expected to implement
• Supply chain security – Understand your responsibilities for monitoring third-party vendors and digital service providers
• Incident notification – Get clarity on the timing, content, and format of breach notifications, and how regulators expect you to react
• Enforcement and penalties – Learn about fines, legal liability, and potential bans on directors for serious non-compliance

Whether you’re in legal, IT, risk, compliance, or executive leadership, this session will help you take concrete steps to prepare your organisation. You’ll also hear directly from WIDEN’s NIS2 legal taskforce — a cross-Baltic team of specialists in digital law, data protection, and regulatory compliance.

Cybersecurity isn’t just a technical challenge anymore — it’s a legal and strategic one. And while NIS2 raises the bar, it also provides a clear framework for resilience, accountability, and trust. Getting ahead of the curve now can save your business from costly disruptions later.

So join us on 11 June to decode the legal, operational, and technical impact of NIS2. It’s free, it’s practical, and it might just be the most useful hour you’ll spend this month.

The team of cybersecurity legal experts that will walk you through the essentials of NIS2 – Asta Macijauskienė from WIDEN Legal Lithuania, Rauno Kinkar and Henri Ratnik from WIDEN Legal Estonia, and Anete Bože from WIDEN Legal Latvia.

Want to make sure that cybersecurity does not become a headache? We’ll be waiting for you at the webinar on 11 June. Please register your attendance to the webinar here.