Cybersecurity (EU NIS2 Directive)

The amendment to the Act on the National Cybersecurity System, implementing the NIS2 Directive, imposes new obligations on businesses. Our law firm provides comprehensive cybersecurity support – from identifying entities (including important and key entities) covered by the regulation, through the implementation of risk management measures, to the development of incident response procedures and ensuring business continuity. We support our clients in achieving compliance with the NIS2 Directive and in improving the security of their networks and information systems.

Legal services for entities required to implement cybersecurity regulations and the NIS2 Directive

We provide comprehensive legal advice to entities subject to the obligations arising from the NIS2 Directive and the amendment to the Act on the National Cybersecurity System. We assist in identifying the obligations of companies as key or important entities in accordance with EU regulations, as well as in preparing and implementing appropriate policies, procedures, and risk management measures in the area of cybersecurity.

We support the creation of organizational structures and internal documentation, including risk analysis policies, business continuity plans, incident reporting procedures, and cybersecurity incident response systems. We also advise on contracts with service providers and auditors, including the drafting and negotiation of contracts for penetration testing and NIS2 compliance audits.

Renowned experts in the implementation of cybersecurity measures in IT systems of companies in the new technology sector

Our law firm has experience in providing services to companies from sectors covered by the NIS2 Directive, such as energy, transport, the digital sector, healthcare, and trust service providers. We have conducted numerous legal audits of cybersecurity systems for compliance with current and planned EU regulations. We have advised both key entities and smaller operators of essential services, implementing the mechanisms necessary to comply with the new regulations from 2024.

We have practical experience in working with IT departments, system administrators, and cybersecurity specialists. We develop incident reporting procedures and vulnerability reporting policies in accordance with the requirements of the NIS2 Directive. Our support also includes advice on inspections and supervisory proceedings conducted by national cybersecurity authorities.

Benefits of working with KWKR on implementing the new regulations and complying with NIS2

The provisions of the NIS2 Directive introduce not only new obligations but also potentially severe penalties for non-compliance. Cooperation with our law firm enables key and important entities to mitigate the risks associated with non-compliance and effectively implement the requirements for network and information system security. We support our clients in preparing organizational risk management measures so that the process is tailored to the specific nature of the sector and the realities of the company’s operations.

We provide practical and implementable solutions that increase the level of cybersecurity without placing an unnecessary burden on organizational resources. Our consulting services also include ongoing incident response and maintaining contact with the relevant state authorities. With our support, clients can be confident that their cybersecurity systems comply with EU and national law, while supporting the safe and effective operation of their business in the digital environment.

New obligations from 2024 resulting from the implementation of NIS2 and the National Cybersecurity System Act

The NIS2 Directive introduces a number of cybersecurity obligations that must be implemented by a wide range of entities operating in key sectors of the economy. The new rules apply not only to operators of critical infrastructure, but also to digital companies, cloud service providers, e-commerce platforms, and trust service providers. A key element of compliance is the implementation of risk management measures and effective incident response procedures.

The obligations under the directive include, among others, reporting serious incidents and cyberattacks, ensuring business continuity, identifying threats, and implementing network and system security policies. Failure to comply with NIS2 requirements may result in financial penalties and management liability.
