All our compliance news

NIS 2

BSI Opens NIS2 Enforcement: What German Entities Must Do Before the Audit

BSI has begun NIS2 enforcement audits. Essential entities in Germany face up to €10M fines. Here is what your audit readiness checklist looks like for 2026.

Michael Guiao

5 min read

Cyber Resilience Act vs NIS2 vs DORA: Which Regulation Applies to My Insured?
Cyber Resilience Act · 12 min read

A practical comparison of the three major EU cybersecurity regulations — CRA, NIS2, and DORA — explaining scope, timelines, requirements, and what cyber insurance underwriters need to ask clients in 2026.

Why Your Cyber Risk Register Is Lying to You — And What to Do About It
Risk Register · 9 min read

Most cyber risk registers are compliance checklists with no connection to real threat data, real incidents, or real financial exposure. Here is how to build one that actually works for underwriting decisions.

NIS2 Article 21 Technical Measures: The Complete Security Requirements Breakdown for 2026
NIS 2 · 11 min read

NIS2 Article 21 defines 10 mandatory security measures every essential and important entity must implement. Complete breakdown of each requirement with implementation guidance, audit evidence expectations, and compliance timeline.

The NIS2 Audit Crunch: What Underwriters Need to Know Before June 30, 2026
NIS 2 · 10 min read

With the June 30, 2026 NIS2 compliance audit deadline approaching, cyber underwriters face a narrow window to reassess risk profiles across their entire European portfolio. Here is what the audit requirement means for how you evaluate, price, and write cyber coverage.

How to Prepare for a NIS2 Audit: Documentation, Evidence, and Compliance Verification Guide (2026)
NIS 2 · 12 min read

Complete guide to NIS2 audit preparation. Covers documentation requirements by Article, evidence collection, common failures, management liability, and a 30-day pre-audit checklist for in-scope EU entities.

NIS2 Austria Compliance Guide: NISG 2026 Requirements, BMI Authority and DACH Region Framework for 2026
NIS 2 · 11 min read

Complete guide to NIS2 compliance in Austria. Covers the NISG 2026 (Network and Information Systems Security Act), BMI/Bundesamt für Cybersicherheit authority, entity classification, sector requirements, CERT.at incident reporting, penalties up to €10M, and the 1 October 2026 entry into force deadline.

NIS2 Belgium Compliance Guide: CCB Requirements and CyberFundamentals Framework for 2026
NIS 2 · 12 min read

Complete guide to NIS2 compliance in Belgium. Covers the CCB enforcement framework, Law of 26 April 2024, CyberFundamentals (CyFun) compliance tracks, entity classification, sector requirements, penalties, and the 18 April 2026 deadline for essential entities.

NIS2 Board Liability: Personal Fines, Bans, and What Management Must Know in 2026
NIS 2 · 8 min read

NIS2 Article 20 holds management bodies personally liable for cybersecurity failures. This guide explains personal fines, temporary bans, and the 7 steps boards must take to protect themselves in 2026.

NIS2 Bulgaria Compliance Guide: Cybersecurity Act Amendments and DAEU Requirements for 2026
NIS 2 · 13 min read

Complete guide to NIS2 compliance in Bulgaria — covering the amended Cybersecurity Act (Закон за киберсигурността), DAEU enforcement, National CSIRT bg incident reporting, entity classification, sector requirements, penalties, implementation timeline, and cyber insurance implications for Bulgarian entities.

NIS2 Compliance Is Now an Underwriting Requirement — Every Broker's Duty of Care
NIS 2 · 4 min read

The NIS2 transposition deadline has passed. With fewer than 10% of critical entities fully compliant, carriers are starting to exclude non-compliant organizations from coverage. For insurance brokers, failing to verify client NIS2 status is now a professional liability risk. Here's what you need to know.

NIS2 Compliance Checklist 2026: Complete Guide for the 2026 Deadline
NIS 2 · 8 min read

Complete NIS2 compliance checklist with 70+ action items covering risk management, incident reporting, supply chain security, and governance. Essential preparation for EU enforcement.

NIS2 Compliance Checklist for 2026: What Brokers Need to Verify Before Coverage Placement
NIS 2 · 6 min read

Before placing cyber coverage for NIS2 in-scope clients, verify these 10 compliance checkpoints. Missing documentation is the most common coverage gap.

NIS2 Compliance Checklist 2026: Complete Guide for Insurance Professionals
NIS2 Compliance Checklist · 18 min read

Complete NIS2 compliance checklist with requirements, deadlines, and implementation steps. Get your organization compliant with our expert guide.

What is NIS2 Compliance? A Complete Guide for 2026
NIS 2 · 17 min read

Master NIS2 compliance in 2026. Understand the EU cybersecurity directive, who it affects, key requirements, penalties, and how to prepare before enforcement.

NIS2 Compliance for IT Managers: The Action Plan That Actually Works in 2026
NIS 2 · 10 min read

Step-by-step NIS2 compliance action plan for IT managers and CISOs. Practical implementation guide covering risk management, incident reporting, security governance, supply chain security, and business continuity — with free tools and templates.

NIS2 Croatia Compliance Guide: Cybersecurity Act (Zakon o kibernetičkoj sigurnosti) and AZOP Requirements for 2026
NIS 2 · 15 min read

Complete guide to NIS2 compliance in Croatia — covering the Cybersecurity Act (Zakon o kibernetičkoj sigurnosti), UVNS/NCSC-HR enforcement, CERT.hr incident reporting, entity classification, sector requirements, penalties, implementation timeline, and cyber insurance implications for Croatian entities.

NIS2 Cyprus Compliance Guide: Security of Networks and Information Systems Law and DSA Requirements for 2026
NIS 2 · 16 min read

Complete guide to NIS2 compliance in Cyprus — covering the Security of Networks and Information Systems Law (N.89(I)/2020 as amended by N.60(I)/2025), Digital Security Authority (DSA) enforcement, CSIRT-CY incident reporting, entity classification, sector requirements, penalties, implementation timeline, and cyber insurance implications for Cypriot entities.

NIS2 Czech Republic Compliance Guide: Act No. 264/2025, NÚKIB Authority and Strategically Important Services for 2026
NIS 2 · 8 min read

Complete guide to NIS2 compliance in the Czech Republic. Covers Act No. 264/2025 Coll., NÚKIB authority, uniquely expanded scope with "strategically important services," entity classification, higher vs. lower obligations regimes, penalties up to CZK 250M (~€10M), and registration deadlines.

NIS2 Denmark Compliance Guide: NIS-2-loven, CFCS Authority and Danish Cybersecurity Framework for 2026
NIS 2 · 8 min read

Complete guide to NIS2 compliance in Denmark. Covers the NIS-2-loven (Bill L 141), CFCS authority under Defence Intelligence, SAMSIK registration, entity classification, sector-specific obligations, criminal enforcement model, penalties up to DKK 75M (~€10M), and key registration deadlines.

NIS2 Directive: The Complete Compliance Guide for 2026
NIS 2 · 9 min read

Everything you need to know about NIS2 compliance in 2026: which sectors are affected, key requirements, deadlines, and how to prepare your organization for the EU cybersecurity directive.

NIS2 and DORA: What Cyber Underwriters Need to Know
Cyber Risk · 2 min read

A practical breakdown of how the NIS2 Directive and DORA regulation affect cyber insurance underwriting in Europe.

NIS2 Penalties Explained: Essential vs Important Entities for 2026
NIS 2 · 5 min read

Understand the critical difference between NIS2 essential and important entities. Classification criteria, compliance requirements, penalty differences, and what it means for your cyber insurance.

NIS2 Estonia Compliance Guide: Cybersecurity Act Amendments and RIA Requirements for 2026
NIS 2 · 13 min read

Complete guide to NIS2 compliance in Estonia — covering the amended Cybersecurity Act (Küberturvalisuse seadus), RIA enforcement, CERT-EE incident reporting, entity classification, sector requirements, penalties, phased implementation timeline, and cyber insurance implications for Estonian entities.

NIS2 Finland Compliance Guide: Kyberturvallisuuslaki (Act 124/2025), Traficom Authority and Kybermittari Framework for 2026
NIS 2 · 9 min read

Complete guide to NIS2 compliance in Finland. Covers the Kyberturvallisuuslaki (Cybersecurity Act 124/2025), Traficom/NCSC-FI authority, free Kybermittari self-assessment tool, entity classification with 50,000-resident municipal threshold, guidance-first enforcement, penalties up to €10M, and key registration deadlines.

NIS2 France: ANSSI Compliance Requirements, Enforcement Timeline, and What French Entities Must Do in 2026
NIS 2 · 11 min read

ANSSI is enforcing NIS2 across France with formal notice procedures and audits. Essential entities face €10M fines. Complete guide to French NIS2 transposition, ANSSI audit expectations, and compliance steps for OSE and OSI entities.

How to Conduct a NIS2 Gap Analysis: Step-by-Step Readiness Assessment for 2026
NIS 2 · 12 min read

Complete NIS2 gap analysis methodology with step-by-step instructions, free checklist template, and readiness scoring framework. Identify compliance gaps across all 10 Article 21 measures, incident reporting, governance, and supply chain security before your national authority does.

NIS2 Greece Compliance Guide: ENSI Authority, Maritime & Energy Sector Requirements, and What Greek Entities Must Do in 2026
NIS 2 · 13 min read

Complete guide to NIS2 compliance in Greece. Covers the ENSI (Εθνική Αρχή Κυβερνοασφάλειας) authority, entity classification, maritime fleet obligations, island energy infrastructure, GR-CSIRT incident reporting, penalties up to €10M, and the compliance roadmap for Greek entities.

NIS2 Hungary Multi-Authority Enforcement Guide: NBI Sectoral Oversight, NKH Coordination, and Cross-Authority Compliance for 2026
NIS 2 · 18 min read

Comprehensive guide to Hungary's multi-authority NIS2 enforcement model — covering NBI (National Security Authority) sectoral oversight for defence and security, NKH health sector coordination, cross-authority cooperation with SZTFH, interagency information-sharing frameworks, entity obligations across multiple regulators, and cyber insurance implications for Hungarian entities navigating the cooperative supervisory regime.

NIS2 Hungary Compliance Guide: Act LXIX of 2024, SZTFH Enforcement, and NKI Requirements for 2026
NIS 2 · 15 min read

Complete guide to NIS2 compliance in Hungary — covering Act LXIX of 2024 on the Cybersecurity of Hungary, SZTFH enforcement, NKI incident reporting, entity classification, mandatory audit system, NIST-based risk classification, penalties, implementation timeline, and cyber insurance implications for Hungarian entities.

NIS2 Incident Reporting: 24-Hour, 72-Hour, and 1-Month Requirements Explained
NIS2 Incident Reporting · 18 min read

Complete guide to NIS2 incident reporting timelines, requirements, and procedures. Learn what must be reported, when, and to whom under the EU cybersecurity directive.

NIS2 Ireland Preparation Guide: National Cyber Security Bill, NCSC Ireland and CyFun Framework for 2026
NIS 2 · 8 min read

Complete guide to NIS2 preparation in Ireland. Covers the pending National Cyber Security Bill, NCSC Ireland authority, CyFun compliance framework adopted from Belgium, 15 Risk Management Measures, entity classification expectations, and what organizations should do now despite legislation not yet enacted.

NIS2 Italy: ACN Compliance Requirements, Enforcement Timeline, and What Italian Entities Must Do in 2026
NIS 2 · 12 min read

Italy's Agenzia per la Cybersicurezza Nazionale (ACN) is enforcing NIS2 with surprise audits, dual-authority supervision, and personal liability for management. Essential entities face €10M fines. Complete guide to Italian NIS2 transposition, ACN registration, and compliance steps for Decree 138/2024.

NIS2 Malta Compliance Guide: MITA Competent Authority, NIS2 Implementing Regulations, and CSIRT-MT Incident Reporting for 2026
NIS 2 · 18 min read

Complete guide to NIS2 compliance in Malta — covering the NIS2 Implementing Regulations 2025 under the Malta Digital Innovation Authority Act, MITA as the competent authority and SPOC, CSIRT-MT incident reporting, entity classification tailored to Malta's small market, sector requirements, penalties, implementation timeline, and cyber insurance implications for Maltese entities.

NIS2 Netherlands Compliance Guide: NCSC-NL Requirements for Dutch Entities
NIS 2 · 11 min read

Complete guide to NIS2 compliance in the Netherlands. Covers NCSC-NL enforcement, Uitvoeringswet cybersecurityrichtlijn implementation, sector-specific requirements, deadlines, penalties, and what Dutch entities must do now.

NIS2 Penalties Explained: Essential vs Important Entities and What They Mean for Coverage
NIS 2 · 9 min read

NIS2 fines range from €7M to €10M depending on entity classification. Understand essential vs important entity penalties and how compliance posture affects cyber insurance pricing.

NIS2 Penalties & Fines Explained: What Organizations Actually Face in 2026
NIS2 Penalties · 6 min read

NIS2 fines can reach €10 million or 2% of global annual turnover—whichever is higher. This breakdown explains exactly which penalties apply to essential vs important entities, what triggers enforcement, and how underwriters should factor penalty exposure into cyber risk assessment.

NIS2 Poland Compliance Guide: Ustawa o Cyberbezpieczeństwie and NCSA Requirements for 2026
NIS 2 · 13 min read

Complete guide to NIS2 compliance in Poland — covering the amended Cybersecurity Act (Ustawa o cyberbezpieczeństwie), NCSA enforcement, entity classification under Polish law, sector requirements, penalties, and implementation timeline for Polish entities.

NIS2 Portugal Compliance Guide: Decree-Law 125/2025, CNCS Authority and Four-Tier Entity Framework for 2026
NIS 2 · 8 min read

Complete guide to NIS2 compliance in Portugal. Covers Decree-Law 125/2025 (Regime Jurídico da Cibersegurança), CNCS authority, unique four-tier entity classification, mandatory cybersecurity officer appointment, 24-month delayed enforcement, penalties up to €10M, and key registration deadlines.

NIS2 Ransomware Reporting Requirements: What Incident Response Teams Must Know
Ransomware · 7 min read

Under NIS2, ransomware incidents trigger mandatory reporting obligations with tight deadlines and personal liability for management. Here is the compliance playbook incident response teams need.

NIS2 Romania Compliance Guide: Romanian Cybersecurity Law and ANSI Requirements for 2026
NIS 2 · 11 min read

Complete guide to NIS2 compliance in Romania — covering the amended Cybersecurity Law (Legea 361/2018), ANSI enforcement, STS coordination, entity classification, sector requirements, penalties, and implementation timeline for Romanian entities.

NIS2 Slovakia Compliance Guide: Act on Cybersecurity Amendment, NBU Enforcement, and SK-CERT Incident Reporting for 2026
NIS 2 · 20 min read

Complete guide to NIS2 compliance in Slovakia — covering the amended Act on Cybersecurity (Zákon o kybernetickej bezpečnosti), NBU (National Security Authority) enforcement as the competent authority and SPOC, SK-CERT incident reporting, entity classification, sector requirements, penalties, implementation timeline, and cyber insurance implications for Slovak entities.

NIS2 Slovenia Compliance Guide: Cybersecurity Act (ZKV-1), URSIV Enforcement, and SI-CERT Incident Reporting for 2026
NIS 2 · 18 min read

Complete guide to NIS2 compliance in Slovenia — covering the Cybersecurity Act (Zakon o kibernetski varnosti / ZKV-1), URSIV enforcement as the national competent authority, SI-CERT incident reporting operated by ARNES, entity classification, sector requirements, penalties, implementation timeline, and cyber insurance implications for Slovenian entities.

NIS2 Spain: INCIBE Compliance Requirements, Enforcement Timeline, and What Spanish Entities Must Do in 2026
NIS 2 · 13 min read

INCIBE and CCN are enforcing NIS2 across Spain with sector-specific audits and registration mandates. Essential entities face €10M fines. Complete guide to Spanish NIS2 transposition, INCIBE oversight, and compliance steps for operators.

NIS2 Supply Chain Security Requirements: Third-Party Risk Management Guide for 2026
NIS 2 · 10 min read

NIS2 Article 21 mandates supply chain security for all essential and important entities. Complete guide to third-party risk assessments, vendor security clauses, supply chain vulnerability monitoring, and compliance evidence — with free checklist and implementation templates.

NIS2 Sweden Compliance Guide: Cybersäkerhetslagen SFS 2025:1506, MCF Authority and Nordic Framework for 2026
NIS 2 · 11 min read

Complete guide to NIS2 compliance in Sweden. Covers the Cybersäkerhetslagen (Cybersecurity Act SFS 2025:1506), MCF (formerly MSB) authority, CERT-SE incident reporting, entity classification, sector requirements, decentralized supervision model, penalties up to €10M, and the January 2026 entry into force.

NIS2 Underwriting Questions: What Every Cyber Insurance Broker Should Ask
NIS 2 · 16 min read

Practical Line 1, Line 2, and Line 3 underwriting questions for NIS2-exposed clients. Essential vs important entities. Coverage gaps brokers should flag.

The Resilience Stack™: A 5-Layer Framework for Cyber Insurance Risk Assessment
Resilience Stack · 21 min read

Introducing the Resilience Stack™ — RESILIENTLY's proprietary framework for evaluating cyber risk across five layers: threat landscape, exposure surface, regulatory posture, financial impact, and insurance readiness.

Featured

The Resilience Stack™: A Five-Layer Framework for Cyber Insurance Risk Assessment
Resilience Stack · 12 min read

The Cyber Insurance Submission Crisis: 7 Reasons Brokers Can't Afford Manual Risk Assessments in 2026
Cyber Insurance · 6 min read

Cyber Risk Quantification Tools 2026: The $50K Gap Between Free and Enterprise
Cyber Risk Quantification · 4 min read

NIS2 Compliance Is Now an Underwriting Requirement — Every Broker's Duty of Care
NIS 2 · 4 min read

Premium Report

2026 Cyber Risk Landscape Report

24 pages of threat analysis, claims data, and underwriting implications for European cyber insurance.
