To the point: From 2026, companies will be subject to stricter liability rules under the NIS2 Directive, making compliance and cybersecurity measures mandatory.
The NIS2 Directive introduces new liability rules for companies from 2026 and significantly increases their responsibility in managing cybersecurity. Compliance teams must adapt their governance structures.
The NIS2 Directive (Directive on Network and Information Security) introduces new liability rules from 2026 that directly affect companies’ responsibility for cybersecurity. The regulation requires organisations to implement and document demonstrable security measures.
For compliance functions, this concretely means: executive management and supervisory boards must anchor cybersecurity as a core topic of corporate governance. The Directive provides that violations of security requirements can be sanctioned. Operators of critical infrastructure and digital service providers are particularly affected – their compliance requirements are being significantly expanded.
Companies should now review their current security structures against NIS2 requirements: network monitoring, incident handling, risk analyses and regular security testing become mandatory. Without proactive adaptation, companies face not only fines, but also reputational damage and loss of stakeholder trust.
Source: news.google.com · Published 6 July 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.