Business

Fines of up to EUR 10 million and personal liability of management boards. European regulations are forcing a revolution in IT Governance [FELIETON]


In the coming years, it will no longer be enough to protect systems against cyberattacks. Boards will have to demonstrate that they manage data in a systematic and auditable way – both sensitive data covered by NIS2 and DORA regulations, as well as non-financial data required by the RED II/III and CSRD directives. At stake are not only fines of up to EUR 10 million, but also the risk of exclusion from international supply chains.

Four areas where investment decisions will need to be made by 2025 at the latest to avoid problems a year later:

1. Convergence of risks: NIS2, DORA and personal liability

For companies covered by the NIS2 directive (key and important operators) and the DORA regulation (financial sector and its ICT providers), 2026 will be the moment of real enforcement of the regulations. The regulations provide not only for high financial penalties, but also for personal liability of management board members for negligence in the area of ​​cybersecurity and business continuity.

Ashley Davis

I’m Ashley Davis as an editor, I’m committed to upholding the highest standards of integrity and accuracy in every piece we publish. My work is driven by curiosity, a passion for truth, and a belief that journalism plays a crucial role in shaping public discourse. I strive to tell stories that not only inform but also inspire action and conversation.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button