Question 1

What is NIS2 and does it apply to organisations in Ireland?

Accepted Answer

NIS2 (Network and Information Security Directive 2), also known as EU Directive 2022/2555, is an EU-wide cybersecurity regulation that applies to all 27 member states including Ireland. It requires essential and important entities across 18 critical sectors to implement robust cybersecurity measures, report incidents to the NCSC within 24 hours, and maintain continuous audit-ready evidence. Ireland is implementing NIS2 through the National Cyber Security Bill 2024.

Question 2

What is the personal liability for CEOs and CISOs under NIS2?

Accepted Answer

NIS2 introduces direct personal accountability for senior management. CEOs, CISOs, and board members can face personal fines up to €10 million and may be held personally liable for compliance failures. This represents a significant shift from previous cybersecurity regulations.

Question 3

What are the financial penalties for NIS2 non-compliance in Ireland?

Accepted Answer

Essential entities face fines up to €10 million or 2% of global annual turnover (whichever is higher). Important entities face fines up to €7 million or 1.4% of global turnover. Additionally, management can be held personally liable and face temporary bans from management positions.

Question 4

How does NIS2Ireland.com help with compliance?

Accepted Answer

NIS2Ireland.com provides automated NIS2 compliance through the Enginsight platform. This includes Watchdog for asset discovery, Observer for vulnerability detection, Hacktor for automated penetration testing, Verity SIEM for log management, Active Shield IDS/IPS for threat detection, and Network Shield for micro-segmentation. All modules generate audit-ready evidence that directly maps to NIS2 Article 21 requirements.

Most organisations don't have a compliance problem.

What you can't see will hurt you

Unknown Asset

Unknown Vulnerability

Unknown Incident

Unknown Exposure

German engineering makes the invisible visible

Watchdog

Hacktor

Pulsar

SIEM

MDR

Compliance becomes the consequence

Evidence

Governance

Compliance

Ready to see what you've been missing?