NIS2 requires executive officers to assume direct responsibility for cybersecurity governance and incident reporting, with violations potentially resulting in personal liability.