Is Your Board Ready for a NIS2 Audit?
7 questions mapped to what national competent authorities actually check. Article 20 personal liability, 24-hour incident reporting, supply chain security. 2 minutes.
Can you submit a 24-hour early warning to your national CSIRT right now?
What does NIS2 require?
NIS2 Article 20 requires management bodies at essential and important entities to complete cybersecurity training, approve risk management measures, and bear personal liability for compliance failures. Competent authorities can temporarily suspend individuals from management functions.
Article 23 mandates incident reporting within 24 hours (early warning), 72 hours (full notification), and 1 month (final report). In the first six months post-enforcement, ENISA received a 340% increase in incident reports.
Fines for essential entities: up to €10 million or 2% of global turnover. For important entities: €7 million or 1.4%.
Built by Blend Training
We design scenario-based compliance training where directors practice making decisions under pressure — not click-through slides. Our NIS2 course puts you in the CISO's chair during a ransomware attack with a 24-hour reporting deadline.