{"id":1552,"date":"2026-04-28T08:26:42","date_gmt":"2026-04-28T05:26:42","guid":{"rendered":"https:\/\/bdhs-solutions.com\/nis2\/"},"modified":"2026-05-06T19:59:05","modified_gmt":"2026-05-06T16:59:05","slug":"nis2","status":"publish","type":"page","link":"https:\/\/bdhs-solutions.com\/en\/nis2\/","title":{"rendered":"NIS2"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"1552\" class=\"elementor elementor-1552 elementor-996\" data-elementor-post-type=\"page\">\n\t\t\t\t<div class=\"elementor-element elementor-element-fd73104 e-flex e-con-boxed elementor-invisible e-con e-parent\" data-id=\"fd73104\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;,&quot;animation&quot;:&quot;fadeIn&quot;}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-7e3cea5 elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"7e3cea5\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h1 class=\"elementor-heading-title elementor-size-default\">Everything you need to know about nis2<\/h1>\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-12faaba e-con-full e-flex elementor-invisible e-con e-child\" data-id=\"12faaba\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;animation&quot;:&quot;fadeInUp&quot;,&quot;animation_delay&quot;:200}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-0fbd149 elementor-widget elementor-widget-gum_heading\" data-id=\"0fbd149\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;none&quot;}\" data-widget_type=\"gum_heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"gum-widget-title\"><h2 class=\"section-main-title size-default\"><a href=\"https:\/\/bdhs-solutions.com\/en\/\"><span class=\"prefix\"><\/span><span class=\"maintitle\">Home<\/span><span class=\"subfix\"><\/span><\/a><\/h2><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5cd36bb elementor-view-default elementor-widget elementor-widget-icon\" data-id=\"5cd36bb\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon.default\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-wrapper\">\n\t\t\t<a class=\"elementor-icon\" href=\"#\">\n\t\t\t<i aria-hidden=\"true\" class=\"icon icon-right-arrow1\"><\/i>\t\t\t<\/a>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-7953795 e-flex e-con-boxed e-con e-parent\" data-id=\"7953795\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-a3d23b0 e-con-full e-flex e-con e-child\" data-id=\"a3d23b0\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-999e0b1 elementor-widget elementor-widget-heading\" data-id=\"999e0b1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h1 class=\"elementor-heading-title elementor-size-default\">Requirements, obligations and impact for your organization<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-77ce48d elementor-widget__width-initial elementor-widget elementor-widget-text-editor\" data-id=\"77ce48d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"color: #e5b446;\">NIS2<\/span> Directive <span class=\"\u037cg\"> <\/span>comes with new rules for digital security in the EU, but they don&#8217;t have to be difficult to understand. We have summarized the most important information for you: who is affected, what obligations arise and how you can protect your organization effectively. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-ce49b83 e-con-full e-flex e-con e-child\" data-id=\"ce49b83\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-8acfcdc elementor-widget elementor-widget-image\" data-id=\"8acfcdc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"480\" height=\"290\" src=\"https:\/\/bdhs-solutions.com\/wp-content\/uploads\/2026\/04\/nis2.png\" class=\"attachment-large size-large wp-image-1516\" alt=\"NIS2\" srcset=\"https:\/\/bdhs-solutions.com\/wp-content\/uploads\/2026\/04\/nis2.png 480w, https:\/\/bdhs-solutions.com\/wp-content\/uploads\/2026\/04\/nis2-300x181.png 300w\" sizes=\"(max-width: 480px) 100vw, 480px\" title=\"\">\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-e05d7c5 e-con-full e-flex e-con e-parent\" data-id=\"e05d7c5\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-b9f28f8 e-n-tabs-mobile elementor-widget elementor-widget-n-tabs\" data-id=\"b9f28f8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"nested-tabs.default\">\n\t\t\t\t\t\t\t<div class=\"e-n-tabs\" data-widget-number=\"194980088\" aria-label=\"Tabs. Open items with Enter or Space, close with Escape and navigate using the Arrow keys.\">\n\t\t\t<div class=\"e-n-tabs-heading\" role=\"tablist\">\n\t\t\t\t\t<button id=\"e-n-tab-title-1949800881\" data-tab-title-id=\"e-n-tab-title-1949800881\" class=\"e-n-tab-title\" aria-selected=\"true\" data-tab-index=\"1\" role=\"tab\" tabindex=\"0\" aria-controls=\"e-n-tab-content-1949800881\" style=\"--n-tabs-title-order: 1;\">\n\t\t\t\t\t\t<span class=\"e-n-tab-title-text\">\n\t\t\t\t1. What is nis 2?\t\t\t<\/span>\n\t\t<\/button>\n\t\t\t\t<button id=\"e-n-tab-title-1949800882\" data-tab-title-id=\"e-n-tab-title-1949800882\" class=\"e-n-tab-title\" aria-selected=\"false\" data-tab-index=\"2\" role=\"tab\" tabindex=\"-1\" aria-controls=\"e-n-tab-content-1949800882\" style=\"--n-tabs-title-order: 2;\">\n\t\t\t\t\t\t<span class=\"e-n-tab-title-text\">\n\t\t\t\t2. What does nis 2 require?  \t\t\t<\/span>\n\t\t<\/button>\n\t\t\t\t<button id=\"e-n-tab-title-1949800883\" data-tab-title-id=\"e-n-tab-title-1949800883\" class=\"e-n-tab-title\" aria-selected=\"false\" data-tab-index=\"3\" role=\"tab\" tabindex=\"-1\" aria-controls=\"e-n-tab-content-1949800883\" style=\"--n-tabs-title-order: 3;\">\n\t\t\t\t\t\t<span class=\"e-n-tab-title-text\">\n\t\t\t\t3. Who is in charge of nis 2 in romania?\t\t\t<\/span>\n\t\t<\/button>\n\t\t\t\t<button id=\"e-n-tab-title-1949800884\" data-tab-title-id=\"e-n-tab-title-1949800884\" class=\"e-n-tab-title\" aria-selected=\"false\" data-tab-index=\"4\" role=\"tab\" tabindex=\"-1\" aria-controls=\"e-n-tab-content-1949800884\" style=\"--n-tabs-title-order: 4;\">\n\t\t\t\t\t\t<span class=\"e-n-tab-title-text\">\n\t\t\t\t4. nis 2 in Romania - legal framework and current situation\t\t\t<\/span>\n\t\t<\/button>\n\t\t\t\t<button id=\"e-n-tab-title-1949800885\" data-tab-title-id=\"e-n-tab-title-1949800885\" class=\"e-n-tab-title\" aria-selected=\"false\" data-tab-index=\"5\" role=\"tab\" tabindex=\"-1\" aria-controls=\"e-n-tab-content-1949800885\" style=\"--n-tabs-title-order: 5;\">\n\t\t\t\t\t\t<span class=\"e-n-tab-title-text\">\n\t\t\t\t5. who is covered by nis 2 in romania?\t\t\t<\/span>\n\t\t<\/button>\n\t\t\t\t<button id=\"e-n-tab-title-1949800886\" data-tab-title-id=\"e-n-tab-title-1949800886\" class=\"e-n-tab-title\" aria-selected=\"false\" data-tab-index=\"6\" role=\"tab\" tabindex=\"-1\" aria-controls=\"e-n-tab-content-1949800886\" style=\"--n-tabs-title-order: 6;\">\n\t\t\t\t\t\t<span class=\"e-n-tab-title-text\">\n\t\t\t\t5. who is covered by nis 2 in romania?\t\t\t<\/span>\n\t\t<\/button>\n\t\t\t\t<button id=\"e-n-tab-title-1949800887\" data-tab-title-id=\"e-n-tab-title-1949800887\" class=\"e-n-tab-title\" aria-selected=\"false\" data-tab-index=\"7\" role=\"tab\" tabindex=\"-1\" aria-controls=\"e-n-tab-content-1949800887\" style=\"--n-tabs-title-order: 7;\">\n\t\t\t\t\t\t<span class=\"e-n-tab-title-text\">\n\t\t\t\t6. Types of entities covered by nis 2\t\t\t<\/span>\n\t\t<\/button>\n\t\t\t\t<button id=\"e-n-tab-title-1949800888\" data-tab-title-id=\"e-n-tab-title-1949800888\" class=\"e-n-tab-title\" aria-selected=\"false\" data-tab-index=\"8\" role=\"tab\" tabindex=\"-1\" aria-controls=\"e-n-tab-content-1949800888\" style=\"--n-tabs-title-order: 8;\">\n\t\t\t\t\t\t<span class=\"e-n-tab-title-text\">\n\t\t\t\t7. Sanctions nis 2\t\t\t<\/span>\n\t\t<\/button>\n\t\t\t\t<button id=\"e-n-tab-title-1949800889\" data-tab-title-id=\"e-n-tab-title-1949800889\" class=\"e-n-tab-title\" aria-selected=\"false\" data-tab-index=\"9\" role=\"tab\" tabindex=\"-1\" aria-controls=\"e-n-tab-content-1949800889\" style=\"--n-tabs-title-order: 9;\">\n\t\t\t\t\t\t<span class=\"e-n-tab-title-text\">\n\t\t\t\t8. essential steps for compliance\t\t\t<\/span>\n\t\t<\/button>\n\t\t\t\t<button id=\"e-n-tab-title-19498008810\" data-tab-title-id=\"e-n-tab-title-19498008810\" class=\"e-n-tab-title\" aria-selected=\"false\" data-tab-index=\"10\" role=\"tab\" tabindex=\"-1\" aria-controls=\"e-n-tab-content-19498008810\" style=\"--n-tabs-title-order: 10;\">\n\t\t\t\t\t\t<span class=\"e-n-tab-title-text\">\n\t\t\t\t9. Optimal time for compliance\t\t\t<\/span>\n\t\t<\/button>\n\t\t\t\t<button id=\"e-n-tab-title-19498008811\" data-tab-title-id=\"e-n-tab-title-19498008811\" class=\"e-n-tab-title\" aria-selected=\"false\" data-tab-index=\"11\" role=\"tab\" tabindex=\"-1\" aria-controls=\"e-n-tab-content-19498008811\" style=\"--n-tabs-title-order: 11;\">\n\t\t\t\t\t\t<span class=\"e-n-tab-title-text\">\n\t\t\t\t10. Accountability of management and decision-making functions\t\t\t<\/span>\n\t\t<\/button>\n\t\t\t\t<button id=\"e-n-tab-title-19498008812\" data-tab-title-id=\"e-n-tab-title-19498008812\" class=\"e-n-tab-title\" aria-selected=\"false\" data-tab-index=\"12\" role=\"tab\" tabindex=\"-1\" aria-controls=\"e-n-tab-content-19498008812\" style=\"--n-tabs-title-order: 12;\">\n\t\t\t\t\t\t<span class=\"e-n-tab-title-text\">\n\t\t\t\t11. Supervisory regime\t\t\t<\/span>\n\t\t<\/button>\n\t\t\t\t<button id=\"e-n-tab-title-19498008813\" data-tab-title-id=\"e-n-tab-title-19498008813\" class=\"e-n-tab-title\" aria-selected=\"false\" data-tab-index=\"13\" role=\"tab\" tabindex=\"-1\" aria-controls=\"e-n-tab-content-19498008813\" style=\"--n-tabs-title-order: 13;\">\n\t\t\t\t\t\t<span class=\"e-n-tab-title-text\">\n\t\t\t\t12. Accepted domains\t\t\t<\/span>\n\t\t<\/button>\n\t\t\t\t<button id=\"e-n-tab-title-19498008814\" data-tab-title-id=\"e-n-tab-title-19498008814\" class=\"e-n-tab-title\" aria-selected=\"false\" data-tab-index=\"14\" role=\"tab\" tabindex=\"-1\" aria-controls=\"e-n-tab-content-19498008814\" style=\"--n-tabs-title-order: 14;\">\n\t\t\t\t\t\t<span class=\"e-n-tab-title-text\">\n\t\t\t\t13. Checklist - Are you prepared for a DNSC check?\t\t\t<\/span>\n\t\t<\/button>\n\t\t\t\t<button id=\"e-n-tab-title-19498008815\" data-tab-title-id=\"e-n-tab-title-19498008815\" class=\"e-n-tab-title\" aria-selected=\"false\" data-tab-index=\"15\" role=\"tab\" tabindex=\"-1\" aria-controls=\"e-n-tab-content-19498008815\" style=\"--n-tabs-title-order: 15;\">\n\t\t\t\t\t\t<span class=\"e-n-tab-title-text\">\n\t\t\t\t14. What is NOT NIS 2?\t\t\t<\/span>\n\t\t<\/button>\n\t\t\t\t<button id=\"e-n-tab-title-19498008816\" data-tab-title-id=\"e-n-tab-title-19498008816\" class=\"e-n-tab-title\" aria-selected=\"false\" data-tab-index=\"16\" role=\"tab\" tabindex=\"-1\" aria-controls=\"e-n-tab-content-19498008816\" style=\"--n-tabs-title-order: 16;\">\n\t\t\t\t\t\t<span class=\"e-n-tab-title-text\">\n\t\t\t\t15. FAQ about NIS 2 in Romania\t\t\t<\/span>\n\t\t<\/button>\n\t\t\t\t\t<\/div>\n\t\t\t<div class=\"e-n-tabs-content\">\n\t\t\t\t<div id=\"e-n-tab-content-1949800881\" role=\"tabpanel\" aria-labelledby=\"e-n-tab-title-1949800881\" data-tab-index=\"1\" style=\"--n-tabs-title-order: 1;\" class=\"e-active elementor-element elementor-element-cde19d4 e-con-full e-flex e-con e-child\" data-id=\"cde19d4\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-5419bee elementor-widget elementor-widget-text-editor\" data-id=\"5419bee\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>NIS2 is the European Directive that sets mandatory cybersecurity requirements for companies and institutions considered critical to the economy and society.<\/p><p>In Romania, NIS2 applies to medium and large companies (more than 50 employees or turnover over \u20ac10 million) in key or important sectors &#8211; directly or through the supply chain.  <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div id=\"e-n-tab-content-1949800882\" role=\"tabpanel\" aria-labelledby=\"e-n-tab-title-1949800882\" data-tab-index=\"2\" style=\"--n-tabs-title-order: 2;\" class=\" elementor-element elementor-element-9220a50 e-con-full e-flex e-con e-child\" data-id=\"9220a50\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-ece7a21 elementor-widget elementor-widget-heading\" data-id=\"ece7a21\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Risk management measures  <\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9c59caa elementor-widget elementor-widget-text-editor\" data-id=\"9c59caa\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Organizations are required to implement a formal framework for identifying, assessing and addressing cybersecurity risks, including for suppliers and the supply chain, with direct management involvement.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f8a62ce elementor-widget elementor-widget-heading\" data-id=\"f8a62ce\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Reporting cyber incidents  <\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3137523 elementor-widget elementor-widget-text-editor\" data-id=\"3137523\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Significant incidents must be reported to the DNSC within strict deadlines (initial alert, intermediate notification and final report), usually within 24 hours, together with information on the impact and remedial measures.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4f23782 elementor-widget elementor-widget-heading\" data-id=\"4f23782\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Technical and organizational measures  <\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f9528db elementor-widget elementor-widget-text-editor\" data-id=\"f9528db\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>NIS 2 requires the implementation of appropriate technical and organizational measures, such as security policies, access control, multi-factor authentication, encryption, tested backups, continuous monitoring and business continuity plans.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3e06668 elementor-widget elementor-widget-heading\" data-id=\"3e06668\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Governance and accountability at senior management level  <\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-90a885e elementor-widget elementor-widget-text-editor\" data-id=\"90a885e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>The organization&#8217;s management has direct responsibility for approving, overseeing, and enforcing cybersecurity measures, including participation in mandatory NIS 2 training.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-83a9cd1 elementor-widget elementor-widget-heading\" data-id=\"83a9cd1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Supplier evaluation and management  <\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4de98d0 elementor-widget elementor-widget-text-editor\" data-id=\"4de98d0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Organizations should assess the risks posed by suppliers, subcontractors and service providers and introduce cybersecurity contractual clauses as required by NIS 2.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e4e8891 elementor-widget elementor-widget-heading\" data-id=\"e4e8891\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Continuity and incident response  <\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-da28e44 elementor-widget elementor-widget-text-editor\" data-id=\"da28e44\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Documented and regularly tested plans for business continuity, disaster recovery and cyber incident response are mandatory.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b052f41 elementor-widget elementor-widget-heading\" data-id=\"b052f41\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Audit, documentation and proof of compliance  <\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-81d8a4b elementor-widget elementor-widget-text-editor\" data-id=\"81d8a4b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Organizations must be able to demonstrate, through clear documentation and records, that the NIS 2 measures are in place and functional, including in the context of controls carried out by the authorities.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f0fb073 elementor-widget elementor-widget-heading\" data-id=\"f0fb073\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Severe penalties for non-compliance  <\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-baf2d92 elementor-widget elementor-widget-text-editor\" data-id=\"baf2d92\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Non-compliance with NIS 2 requirements can lead to significant fines in relation to overall turnover, mandatory corrective measures and, in certain situations, personal liability for members of management.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div id=\"e-n-tab-content-1949800883\" role=\"tabpanel\" aria-labelledby=\"e-n-tab-title-1949800883\" data-tab-index=\"3\" style=\"--n-tabs-title-order: 3;\" class=\" elementor-element elementor-element-86ca068 e-con-full e-flex e-con e-child\" data-id=\"86ca068\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-86b2af9 elementor-widget elementor-widget-heading\" data-id=\"86b2af9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">National Cyber Security Directorate (NCDS)<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-818da49 elementor-widget elementor-widget-text-editor\" data-id=\"818da49\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>The DNSC is the lead competent authority for NIS2 in Romania, responsible for coordinating implementation, oversight and compliance. It administers the registry of critical and important entities, the registration platform and manages major cyber incidents as the national CSIRT, with the obligation to report within 24 hours. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b0ecfdd elementor-widget elementor-widget-heading\" data-id=\"b0ecfdd\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">  ANCOM - electronic communications<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c973362 elementor-widget elementor-widget-text-editor\" data-id=\"c973362\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>In the electronic communications sector, NIS2 applies to providers of electronic communications networks and services. ANCOM supervises the application of cybersecurity requirements for telecom operators and ensures their alignment with specific regulations in the field, in collaboration with the DNSC. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5a2a98b elementor-widget elementor-widget-heading\" data-id=\"5a2a98b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">ANRE - energy<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8ac4ea4 elementor-widget elementor-widget-text-editor\" data-id=\"8ac4ea4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>In the energy sector, NIS2 applies to entities in generation, transmission, distribution and supply. ANRE coordinates the implementation of the Directive&#8217;s requirements at sectoral level and collaborates with the DNSC for the supervision of essential and important energy entities. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-07eaa4a elementor-widget elementor-widget-heading\" data-id=\"07eaa4a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Ministry of Transport and Infrastructure<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cb6696f elementor-widget elementor-widget-text-editor\" data-id=\"cb6696f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>For the transport sector, NIS2 applies to air, rail, road and maritime transport operators and related critical infrastructure. The Ministry of Transport and Infrastructure enforces the requirements of the Directive and coordinates critical infrastructure operators in cooperation with DNSC. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3e02539 elementor-widget elementor-widget-heading\" data-id=\"3e02539\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Ministry of Health<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-22285ce elementor-widget elementor-widget-text-editor\" data-id=\"22285ce\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>In the health sector, NIS2 applies to health facilities and critical care providers. The Ministry of Health coordinates the implementation of cybersecurity requirements and collaborates with the DNSC to manage incidents with public health impact. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-eaf7d5b elementor-widget elementor-widget-heading\" data-id=\"eaf7d5b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">ANSPDCP, SRI and SIE<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9045276 elementor-widget elementor-widget-text-editor\" data-id=\"9045276\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>In applying NIS2, the DNSC cooperates with the ANSPDCP for personal data protection issues, as well as with the SRI and SIE for the protection of national cyber security and critical infrastructures with strategic relevance or external dimension.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div id=\"e-n-tab-content-1949800884\" role=\"tabpanel\" aria-labelledby=\"e-n-tab-title-1949800884\" data-tab-index=\"4\" style=\"--n-tabs-title-order: 4;\" class=\" elementor-element elementor-element-3f10ba6 e-con-full e-flex e-con e-child\" data-id=\"3f10ba6\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-32b517e elementor-widget elementor-widget-heading\" data-id=\"32b517e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Legislative transposition<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9393b21 elementor-widget elementor-widget-text-editor\" data-id=\"9393b21\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>The NIS2 Directive is formally transposed into Romanian law as of October 17, 2024, by Law no. 333\/2024 and Government Decision no. 1087\/2024, becoming mandatory for essential and important entities.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6d386c8 elementor-widget elementor-widget-heading\" data-id=\"6d386c8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Deadline for DNSC registration<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-598d2ba elementor-widget elementor-widget-text-editor\" data-id=\"598d2ba\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>The official deadline to register with DNSC was September 19, 2025, but a significant number of organizations did not complete this process by the deadline.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c989c56 elementor-widget elementor-widget-heading\" data-id=\"c989c56\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">  State of play and procedural tolerance<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d635cfc elementor-widget elementor-widget-text-editor\" data-id=\"d635cfc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>The good news is that it&#8217;s not too late for compliance. The DNSC has communicated publicly and in writing that the authority&#8217;s priority in the first part of 2026 is voluntary compliance and helping companies, not the immediate enforcement of maximum fines. <\/p>\n<p>Organizations that register during this period and submit a realistic compliance plan may benefit from additional implementation deadlines, procedural tolerance and, in the event of an inspection, the possibility of a reduction of penalties of up to 50%.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1f32667 elementor-widget elementor-widget-heading\" data-id=\"1f32667\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Timeline NIS2<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-646b542 elementor-widget elementor-widget-text-editor\" data-id=\"646b542\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<ul>\n<li>2022: Adoption of Directive (EU) 2022\/2555 (NIS 2)<\/li>\n<li>2024-2025: strengthening the national implementation framework and procedures<\/li>\n<li>2025: initial deadline for registration (the obligation remains permanent after the deadline)<\/li>\n<li>2026: intensified checks and controls, with compliance maturity expected<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div id=\"e-n-tab-content-1949800885\" role=\"tabpanel\" aria-labelledby=\"e-n-tab-title-1949800885\" data-tab-index=\"5\" style=\"--n-tabs-title-order: 5;\" class=\" elementor-element elementor-element-9b63f2d e-con-full e-flex e-con e-child\" data-id=\"9b63f2d\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-c0c33e7 elementor-widget elementor-widget-heading\" data-id=\"c0c33e7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h1 class=\"elementor-heading-title elementor-size-default\">The NIS2 Directive applies to organizations that meet certain size criteria and are active in areas considered critical to the economy and society. The aim of the Directive is to protect essential services through mandatory cybersecurity measures. <\/h1>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e8906fa elementor-widget elementor-widget-heading\" data-id=\"e8906fa\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Classification criteria<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5a03b16 elementor-widget elementor-widget-text-editor\" data-id=\"5a03b16\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>An entity is subject to the NIS2 Directive if it meets at least one of the following criteria:<\/p><ul><li>more than 50 employees and\/or<\/li><li>over \u20ac10 million annual turnover<\/li><\/ul><p>and carry out direct or indirect activities in one of the regulated sectors.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8139d42 elementor-widget elementor-widget-heading\" data-id=\"8139d42\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Direct and indirect activities<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-028cb34 elementor-widget elementor-widget-text-editor\" data-id=\"028cb34\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>NIS 2 not only covers organizations that operate directly in the regulated sectors, but also companies that provide essential services, products or support to them. Thus, an organization may fall within the scope of the Directive even if its role is that of a supplier, subcontractor or critical partner. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a527df1 elementor-widget elementor-widget-heading\" data-id=\"a527df1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">The importance of correct framing<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4d2afef elementor-widget elementor-widget-text-editor\" data-id=\"4d2afef\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Correct NIS 2 compliance determines legal obligations, level of supervision and financial risks. A wrong or ignored classification can lead to sanctions, operational bottlenecks and legal exposure for management. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div id=\"e-n-tab-content-1949800886\" role=\"tabpanel\" aria-labelledby=\"e-n-tab-title-1949800886\" data-tab-index=\"6\" style=\"--n-tabs-title-order: 6;\" class=\" elementor-element elementor-element-f0716cb e-con-full e-flex e-con e-child\" data-id=\"f0716cb\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-dcf5962 elementor-widget elementor-widget-heading\" data-id=\"dcf5962\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">The NIS2 Directive applies to organizations that meet certain size criteria and are active in areas considered critical to the economy and society. The aim of the Directive is to protect essential services through mandatory cybersecurity measures. <\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c8a51cc elementor-widget elementor-widget-heading\" data-id=\"c8a51cc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Classification criteria<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b12da56 elementor-widget elementor-widget-text-editor\" data-id=\"b12da56\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>An entity is subject to the NIS2 Directive if it meets at least one of the following criteria:<\/p><ul><li>more than 50 employees and\/or<\/li><li>over \u20ac10 million annual turnover<\/li><\/ul><p>and carry out direct or indirect activities in one of the regulated sectors.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6861b50 elementor-widget elementor-widget-heading\" data-id=\"6861b50\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Direct and indirect activities<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4bf11cf elementor-widget elementor-widget-text-editor\" data-id=\"4bf11cf\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>NIS 2 not only covers organizations that operate directly in the regulated sectors, but also companies that provide essential services, products or support to them. Thus, an organization may fall within the scope of the Directive even if its role is that of a supplier, subcontractor or critical partner. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0fff6d9 elementor-widget elementor-widget-heading\" data-id=\"0fff6d9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">  The importance of correct framing<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1c8f250 elementor-widget elementor-widget-text-editor\" data-id=\"1c8f250\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Correct NIS2 compliance determines legal obligations, level of supervision and financial risks. A wrong or ignored classification can lead to sanctions, operational bottlenecks and legal exposure for management. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div id=\"e-n-tab-content-1949800887\" role=\"tabpanel\" aria-labelledby=\"e-n-tab-title-1949800887\" data-tab-index=\"7\" style=\"--n-tabs-title-order: 7;\" class=\" elementor-element elementor-element-ff14844 e-con-full e-flex e-con e-child\" data-id=\"ff14844\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-16624da elementor-widget elementor-widget-n-accordion\" data-id=\"16624da\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;default_state&quot;:&quot;expanded&quot;,&quot;max_items_expended&quot;:&quot;one&quot;,&quot;n_accordion_animation_duration&quot;:{&quot;unit&quot;:&quot;ms&quot;,&quot;size&quot;:400,&quot;sizes&quot;:[]}}\" data-widget_type=\"nested-accordion.default\">\n\t\t\t\t\t\t\t<div class=\"e-n-accordion\" aria-label=\"Accordion. Open links with Enter or Space, close with Escape, and navigate with Arrow Keys\">\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-2340\" class=\"e-n-accordion-item\" open>\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"1\" tabindex=\"0\" aria-expanded=\"true\" aria-controls=\"e-n-accordion-item-2340\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><div class=\"e-n-accordion-item-title-text\"> Key Entities (Annex I) <\/div><\/span>\n\t\t\t\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-2340\" class=\"elementor-element elementor-element-9bbccc6 e-con-full e-flex e-con e-child\" data-id=\"9bbccc6\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-c41c629 elementor-widget elementor-widget-heading\" data-id=\"c41c629\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Critical entities are organizations critical to the economy and society, subject to proactive oversight and strict cybersecurity obligations. If the sector and size criteria are met, critical entity status is highly likely and non-compliance can result in fines of up to 2% of global turnover as well as significant operational and legal costs. <\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5c09c76 elementor-widget elementor-widget-heading\" data-id=\"5c09c76\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Energy<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7196d0f elementor-widget elementor-widget-text-editor\" data-id=\"7196d0f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>The energy sector includes entities involved in the production, transmission, distribution and supply of electricity, as well as oil, natural gas, hydrogen, district heating and energy market infrastructures. Unavailability or compromise of these systems has a direct impact on national security and the continuity of essential services. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-809e124 elementor-widget elementor-widget-heading\" data-id=\"809e124\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Transportation<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ea7cce0 elementor-widget elementor-widget-text-editor\" data-id=\"ea7cce0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>NIS 2 applies to operators in air, rail, sea and road transport and their critical infrastructures. Cybersecurity in transportation is essential for the safety of passengers, the security of goods and the functioning of supply chains. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fac4850 elementor-widget elementor-widget-heading\" data-id=\"fac4850\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Credit institutions and banking servicesframework<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-df186e3 elementor-widget elementor-widget-text-editor\" data-id=\"df186e3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Credit institutions and banking service providers are considered essential entities because of their role in financial stability. NIS2 requires strict measures to protect IT systems, transactions and customer data, in addition to existing financial regulations. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8bc4131 elementor-widget elementor-widget-heading\" data-id=\"8bc4131\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Financial market infrastructures<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-06888dc elementor-widget elementor-widget-text-editor\" data-id=\"06888dc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>This category includes exchanges, central counterparties and central depositories, whose secure functioning is essential for financial markets. A major cyber incident in this sector could have systemic effects at national and European level. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dd62bbc elementor-widget elementor-widget-heading\" data-id=\"dd62bbc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Health sector<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8077bcf elementor-widget elementor-widget-text-editor\" data-id=\"8077bcf\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>The healthcare sector includes hospitals, clinics, medical laboratories as well as manufacturers of critical medicines and medical devices. NIS2 aims to protect healthcare systems, patient data and continuity of care, where the unavailability of IT systems can have serious consequences for public health and life. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4a46c3d elementor-widget elementor-widget-heading\" data-id=\"4a46c3d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Drinking water supply and distribution<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d8275b5 elementor-widget elementor-widget-text-editor\" data-id=\"d8275b5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>The entities responsible for the supply and distribution of drinking water are considered essential as they provide a vital service to the population. Cyber security is critical to prevent disruption or contamination of supply systems. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d9c0d98 elementor-widget elementor-widget-heading\" data-id=\"d9c0d98\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Wastewater collection and treatment<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a285e13 elementor-widget elementor-widget-text-editor\" data-id=\"a285e13\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Wastewater collection and treatment systems are part of critical environmental and public health infrastructure. The NIS2 requires the protection of these systems against cyber incidents that can generate major environmental and health risks. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2fa36c1 elementor-widget elementor-widget-heading\" data-id=\"2fa36c1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Digital infrastructures<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4d17560 elementor-widget elementor-widget-text-editor\" data-id=\"4d17560\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>This category includes DNS and TLD service providers, cloud, data centers, data centers, electronic communication networks and qualified trust services. Digital infrastructures are the backbone of the digital economy and a major vector of cyber risk. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-698d622 elementor-widget elementor-widget-heading\" data-id=\"698d622\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Central and local public administration<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f044256 elementor-widget elementor-widget-text-editor\" data-id=\"f044256\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>NIS2 applies to specifically designated central and local public authorities providing essential public services. The protection of government IT systems is crucial for the continuity of public services and citizens&#8217; trust and confidence. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b35548c elementor-widget elementor-widget-heading\" data-id=\"b35548c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Space sector<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6c6a346 elementor-widget elementor-widget-text-editor\" data-id=\"6c6a346\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>The space sector includes operators of critical ground infrastructure supporting space activities (e.g. communications, navigation, observation). Although it is a less visible sector, the impact of a cyber incident can be cross-sectoral and cross-border. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-2341\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"2\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-2341\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><div class=\"e-n-accordion-item-title-text\"> Important entities (Annex II) <\/div><\/span>\n\t\t\t\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-2341\" class=\"elementor-element elementor-element-9135206 e-con-full e-flex e-con e-child\" data-id=\"9135206\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-0232822 elementor-widget elementor-widget-heading\" data-id=\"0232822\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Significant entities are organizations with a significant role in the economy and society, subject to reactive oversight (as opposed to essential entities, which are proactively supervised), but with clear cybersecurity obligations. Non-compliance can result in fines of up to 1.4% of annual global turnover, and is the most common category for medium and large companies in manufacturing, digital services and critical supply chains. <\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-246e989 elementor-widget elementor-widget-heading\" data-id=\"246e989\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Postal and courier services<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0caf8ce elementor-widget elementor-widget-text-editor\" data-id=\"0caf8ce\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>NIS 2 applies to postal and courier service operators delivering critical goods, documents and products. These services are essential to the functioning of commercial and logistic chains and cyber incidents can affect deliveries, personal data and business continuity. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d689c73 elementor-widget elementor-widget-heading\" data-id=\"d689c73\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Managing critical waste<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-81946c9 elementor-widget elementor-widget-text-editor\" data-id=\"81946c9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Entities managing waste with an impact on public health, the environment or national security fall under NIS 2. The protection of IT and OT systems in this sector is essential for the prevention of incidents with major impacts on the environment and the public. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2c2d29e elementor-widget elementor-widget-heading\" data-id=\"2c2d29e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Hazardous chemicals<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-51fb604 elementor-widget elementor-widget-text-editor\" data-id=\"51fb604\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Organizations involved in the production, handling, storage or distribution of hazardous chemicals are considered important entities because of the high associated risks. NIS 2 requires strict cyber security measures to prevent incidents with industrial, environmental or health impacts. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-99c4f91 elementor-widget elementor-widget-heading\" data-id=\"99c4f91\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Food production and distribution<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7d7fa2b elementor-widget elementor-widget-text-editor\" data-id=\"7d7fa2b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>The food sector includes operators that produce, process or distribute food on a large scale. NIS 2 aims to protect food supply chains against cyber incidents that may affect food safety and continuity of supply. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-afbaeaf elementor-widget elementor-widget-heading\" data-id=\"afbaeaf\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Manufacturing industry for critical products<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c58e3f0 elementor-widget elementor-widget-text-editor\" data-id=\"c58e3f0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>This category includes manufacturers of medical devices and equipment, pharmaceuticals, electrical and electronic equipment, as well as critical industrial machinery and equipment, vehicles and automotive components, and other critical transportation equipment. NIS 2 aims to protect industrial processes and production chains against cyber-attacks with major economic impact. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-66331d3 elementor-widget elementor-widget-heading\" data-id=\"66331d3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Digital service providers<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d9eaaa0 elementor-widget elementor-widget-text-editor\" data-id=\"d9eaaa0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Digital service providers, such as online marketplaces, search engines and social networks, are covered by NIS 2 due to the large volume of users and the potential impact of incidents on the digital economy and public trust.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0c41134 elementor-widget elementor-widget-heading\" data-id=\"0c41134\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">B2B managed ICT service providers<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7a2f442 elementor-widget elementor-widget-text-editor\" data-id=\"7a2f442\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>This category includes managed services and managed security services providers that provide critical IT support to other organizations. Because of their position in the digital supply chain, an incident at this level can affect a large number of customers simultaneously. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4c20bff elementor-widget elementor-widget-heading\" data-id=\"4c20bff\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Critical research organizations<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c30ebb6 elementor-widget elementor-widget-text-editor\" data-id=\"c30ebb6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Research organizations involved in strategic areas or with an impact on national or economic security are considered as important entities. NIS 2 requires the protection of research results, IT infrastructures and sensitive data against unauthorized access or compromise. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-2342\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"3\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-2342\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><div class=\"e-n-accordion-item-title-text\"> Supply chain entities - indirect application <\/div><\/span>\n\t\t\t\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-2342\" class=\"elementor-element elementor-element-80aff92 e-con-full e-flex e-con e-child\" data-id=\"80aff92\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-ea4f4ad elementor-widget elementor-widget-text-editor\" data-id=\"ea4f4ad\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>NIS 2 applies not only to critical and important entities, but also to companies in the supply chain that provide critical services, products or operational support to them. In Romania, the supply chain is the most common mode of entry under NIS 2, as the cybersecurity obligations extend to suppliers and partners on which the regulated entities are operationally dependent. <\/p>\n<p>According to Directive (EU) 2022\/2555 and OUG 155\/2024, NIS 2 entities are obliged to manage supplier risks through assessments, contractual clauses and security controls. Furthermore, DNSC can directly designate as NIS 2 entity any organization with a critical role in the supply chain, even if it does not meet the size criteria. <\/p>\n<p>In practice, deficiencies in the supply chain are considered as one of the main grounds for sanctions from 2026 onwards, in the context of the intensified NIS 2 controls.<\/p>\n<p> <\/p>\n<p>Real examples from practice &#8211; how organizations under NIS 2 enter the supply chain<\/p>\n<p>In practice, very many organizations fall under NIS 2 not through direct classification as essential or important entities, but through their operational role in the supply chain of regulated entities. Below are the most common situations encountered. <\/p>\n<p>Please note: This is not an exhaustive list, only relevant examples from practice.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e1118a1 elementor-widget elementor-widget-heading\" data-id=\"e1118a1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Critical Infrastructure IT Providers<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a9cda2e elementor-widget elementor-widget-text-editor\" data-id=\"a9cda2e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>IT companies that manage or have access to systems used by NIS 2 entities may become regulated entities.<\/p>\n<p>Concrete example:<\/p>\n<ul>\n<li>firms managing the IT infrastructure of banks or hospitals<\/li>\n<li>cloud, hosting or data center service providers<\/li>\n<li>companies offering SOC, NOC, 24\/7 monitoring<\/li>\n<li>developers or maintenance for critical applications (ERP, invoicing, SCADA)<\/li>\n<li>security solution providers (EDR\/XDR, firewall, SIEM)<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-56db5fe elementor-widget elementor-widget-heading\" data-id=\"56db5fe\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Transport and logistics for key sectors<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8bf14d9 elementor-widget elementor-widget-text-editor\" data-id=\"8bf14d9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Transportation and logistics operators become part of NIS 2 when they provide critical deliveries for essential or important entities.<\/p>\n<p>Concrete example:<\/p>\n<ul>\n<li>carriers of fuels, gas, oil products<\/li>\n<li>logistics companies for medicines, vaccines or medical equipment<\/li>\n<li>specialized transport for hazardous chemicals<\/li>\n<li>operators supplying critical parts for power plants or distribution networks<\/li>\n<li>logistics warehouses for pharmaceutical or energy chains<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fab8c12 elementor-widget elementor-widget-heading\" data-id=\"fab8c12\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Facility management, security and access in critical areas<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b9cf1c1 elementor-widget elementor-widget-text-editor\" data-id=\"b9cf1c1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Companies that have physical or logical access to sensitive infrastructures are considered risk vectors.<\/p>\n<p>Concrete example:<\/p>\n<ul>\n<li>guard and security companies for data centers or power plants<\/li>\n<li>access control providers, badges, CCTV<\/li>\n<li>HVAC, electrical or UPS maintenance companies for critical infrastructure<\/li>\n<li>cleaning services in premises with access to sensitive IT equipment<\/li>\n<li>building managers for hospitals, energy or telecom headquarters<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1da0c81 elementor-widget elementor-widget-heading\" data-id=\"1da0c81\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Manufacturers and suppliers for the food industry<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a0a5374 elementor-widget elementor-widget-text-editor\" data-id=\"a0a5374\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Suppliers supporting the operation of critical food businesses enter the regulated chain.<\/p>\n<p>Concrete example:<\/p>\n<ul>\n<li>packaging manufacturers for large food processors<\/li>\n<li>suppliers of critical ingredients, additives or raw materials<\/li>\n<li>food labeling and traceability companies<\/li>\n<li>suppliers of industrial food processing equipment<\/li>\n<li>IT firms managing production or traceability systems<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3be9a48 elementor-widget elementor-widget-heading\" data-id=\"3be9a48\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Medical clinics and laboratories<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-33f1619 elementor-widget elementor-widget-text-editor\" data-id=\"33f1619\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Healthcare facilities that use advanced devices or serve public hospitals may fall under NIS 2.<\/p>\n<p>Concrete example:<\/p>\n<ul>\n<li>medical imaging clinics (MRI, CT, radiology)<\/li>\n<li>Analytical laboratories processing samples for public hospitals<\/li>\n<li>aesthetic or surgical clinics using advanced medical lasers<\/li>\n<li>medical software vendors (RIS, LIS, PACS)<\/li>\n<li>diagnostic centers connected to hospital systems<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d36a690 elementor-widget elementor-widget-heading\" data-id=\"d36a690\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">HoReCa with an operational role in critical chains<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0361946 elementor-widget elementor-widget-text-editor\" data-id=\"0361946\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>HoReCa falls under NIS 2 when it directly supports critical activities.<\/p>\n<p>Concrete example:<\/p>\n<ul>\n<li>catering companies for hospitals, military bases or prisons<\/li>\n<li>restaurants or canteens supplying large food processors<\/li>\n<li>hotels hosting IT teams, SOC or critical staff<\/li>\n<li>locations with IT networks interconnected with key entities<\/li>\n<li>HoReCa services operated within critical infrastructures<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-2343\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"4\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-2343\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><div class=\"e-n-accordion-item-title-text\"> Differences between categories <\/div><\/span>\n\t\t\t\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-2343\" class=\"elementor-element elementor-element-52120bc e-flex e-con-boxed e-con e-child\" data-id=\"52120bc\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-b65ab51 elementor-widget elementor-widget-text-editor\" data-id=\"b65ab51\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<ul><li>Key entities \u2192 proactive supervision, regular checks, fines up to 2%.<\/li><li>Large entities \u2192 reactive supervision, clear obligations, fines up to 1.4%.<\/li><li>Supply chain \u2192 indirect enforcement through contracts and customer audits + risk of direct designation by DNSC.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div id=\"e-n-tab-content-1949800888\" role=\"tabpanel\" aria-labelledby=\"e-n-tab-title-1949800888\" data-tab-index=\"8\" style=\"--n-tabs-title-order: 8;\" class=\" elementor-element elementor-element-248a704 e-con-full e-flex e-con e-child\" data-id=\"248a704\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-1c42edf elementor-widget elementor-widget-text-editor\" data-id=\"1c42edf\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Fines are set at the higher of the fixed ceiling or the percentage of annual global turnover, and for many Romanian companies they can amount to hundreds of thousands or millions of euros.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6b14ebe elementor-widget elementor-widget-n-accordion\" data-id=\"6b14ebe\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;default_state&quot;:&quot;expanded&quot;,&quot;max_items_expended&quot;:&quot;one&quot;,&quot;n_accordion_animation_duration&quot;:{&quot;unit&quot;:&quot;ms&quot;,&quot;size&quot;:400,&quot;sizes&quot;:[]}}\" data-widget_type=\"nested-accordion.default\">\n\t\t\t\t\t\t\t<div class=\"e-n-accordion\" aria-label=\"Accordion. Open links with Enter or Space, close with Escape, and navigate with Arrow Keys\">\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-1120\" class=\"e-n-accordion-item\" open>\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"1\" tabindex=\"0\" aria-expanded=\"true\" aria-controls=\"e-n-accordion-item-1120\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><div class=\"e-n-accordion-item-title-text\"> Sanctions for key entities <\/div><\/span>\n\t\t\t\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-1120\" class=\"elementor-element elementor-element-11a8924 e-con-full e-flex e-con e-child\" data-id=\"11a8924\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-e375418 elementor-widget elementor-widget-heading\" data-id=\"e375418\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Serious infringements<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9dd3050 elementor-widget elementor-widget-text-editor\" data-id=\"9dd3050\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Serious infringements: up to \u20ac10 million or 2% of global turnover (whichever is higher).<\/p>\n<p><br>In case of failure to comply with critical obligations &#8211; such as lack of risk management (Art. 21), failure to report major incidents within 24 hours, lack of continuity plans (BCDR), exposure of OT\/SCADA systems or ignoring supply chain risks In addition to a fine, authorities can order suspension of critical activities for up to 2 years, a ban on holding management positions for up to 5 years, forced remediation and publication of the incident.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-545e5a2 elementor-widget elementor-widget-heading\" data-id=\"545e5a2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Average infringements<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ddfaa66 elementor-widget elementor-widget-text-editor\" data-id=\"ddfaa66\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Medium violations &#8211; can be sanctioned with fines between 1,500 and 500,000 lei.<br\/>Procedural violations, such as failure to register with the DNSC, failure to update risk registers or failure to carry out incident drills.<br\/>In these situations, mandatory annual audits, remediation plans and ongoing supervision by the DNSC may be required.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-238c150 elementor-widget elementor-widget-heading\" data-id=\"238c150\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Minor infringements<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4352097 elementor-widget elementor-widget-text-editor\" data-id=\"4352097\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Minor infringements &#8211; fines between 1,000 and 100,000 lei, accompanied by warnings and the obligation to correct immediately, at the risk of escalation of sanctions.<\/p>\n<p>(Reporting errors or documentary non-conformities.)<\/p>\n<p> <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-1121\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"2\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-1121\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><div class=\"e-n-accordion-item-title-text\"> Sanctions for major entities <\/div><\/span>\n\t\t\t\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-1121\" class=\"elementor-element elementor-element-c1e6d48 e-con-full e-flex e-con e-child\" data-id=\"c1e6d48\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-6c4369a elementor-widget elementor-widget-heading\" data-id=\"6c4369a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Serious infringements<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-77667cf elementor-widget elementor-widget-text-editor\" data-id=\"77667cf\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Serious infringements &#8211; fines of up to \u20ac7 million or up to 1.4% of annual global turnover, whichever is higher.  <\/p>\n<p>In the case of major non-compliances, such as lack of security policies, failure to implement multi-factor authentication (MFA), failure to report incidents within the legal deadline of 24 hours or ignoring DNSC requests and controls.<br\/>In addition to a fine, the authorities can order a suspension of up to one year, a ban on holding management positions for up to 2 years, forced remediation of deficiencies and public notification of affected customers.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0bfde8f elementor-widget elementor-widget-heading\" data-id=\"0bfde8f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">  Average infringements<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-136799b elementor-widget elementor-widget-text-editor\" data-id=\"136799b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Medium infringements &#8211; can be sanctioned with fines between 1,000 and 300,000 lei.  <\/p>\n<p>These include misconduct such as failure to register with the DNSC, delays in reporting incidents, failure to comply with procedural requirements or administrative violations.<br>In such situations, mandatory audits borne by the organization, repeated warnings and increased monitoring may be imposed.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b8afe8b elementor-widget elementor-widget-heading\" data-id=\"b8afe8b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">  Minor infringements<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-95b355a elementor-widget elementor-widget-text-editor\" data-id=\"95b355a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Minor violations &#8211; fines between 1,000 and 100,000 lei, accompanied by administrative corrections and continuous monitoring.  <\/p>\n<p>These may relate to documentation non-compliance, lack of staff training or cybersecurity awareness deficiencies.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div id=\"e-n-tab-content-1949800889\" role=\"tabpanel\" aria-labelledby=\"e-n-tab-title-1949800889\" data-tab-index=\"9\" style=\"--n-tabs-title-order: 9;\" class=\" elementor-element elementor-element-5a96fc6 e-con-full e-flex e-con e-child\" data-id=\"5a96fc6\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-21ec8ab elementor-widget elementor-widget-text-editor\" data-id=\"21ec8ab\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Compliance with NIS 2 is a mandatory and continuous cyber risk management process.<\/p><p>Taken in an unorganized or delayed approach, compliance can take 12-24 months, involve high costs and expose the organization to fines of millions of euros. Taken in a structured approach, the process can be completed in 4-9 months, with controlled costs, operational continuity and legal predictability. <br>Below, we present the 3 essential steps to be taken to correctly comply with NIS 2 before the first controls.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9fc4b23 elementor-widget elementor-widget-heading\" data-id=\"9fc4b23\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">  Step 1 - Establishing the classification<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a1bb581 elementor-widget elementor-widget-text-editor\" data-id=\"a1bb581\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>The first essential step in complying with NIS 2 is to correctly categorize whether it is a critical entity, a significant entity or a supply chain entity. Many medium and large companies fall under NIS 2 indirectly, through their operational role vis-\u00e0-vis energy, banking, healthcare or telecom entities. <\/p>\n<p>Rapid clarification is needed on size criteria, membership of Annex I and II sectors and role in the supply chain, where DNSC can designate the entity even without meeting the classic criteria. Without this step, there is a risk of applying the wrong measures or missing critical obligations. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-769c29f elementor-widget elementor-widget-heading\" data-id=\"769c29f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Step 2 - Implement the 8 mandatory categories<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0df82c9 elementor-widget elementor-widget-text-editor\" data-id=\"0df82c9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Until the first DNSC audit, organizations must demonstrate the implementation of the 8 mandatory categories of cybersecurity measures in proportion to their risk and maturity:<\/p>\n<ol>\n<li>Formal registration with DNSC &#8211; permanent requirement, including late registrations in 2026, with remediation plan.<\/li>\n<li>Full risk assessment and gap analysis &#8211; IT\/OT, critical services, maturity self-assessment and annual reporting to DNSC.<\/li>\n<li>Mandatory internal policies and procedures &#8211; minimum of 10 areas, approved by senior management and agreed at management level.<\/li>\n<li>Minimum technical measures &#8211; MFA, encryption, EDR\/XDR, tested backup, network segmentation, patch management and hardening.<\/li>\n<li>Annual training and phishing simulations &#8211; for employees and specific training for management.<\/li>\n<li>Supplier assessment and NIS 2 clauses in contracts &#8211; including audit rights and incident reporting obligations.<\/li>\n<li>Business Continuity Plans (BCP) and Disaster Recovery Plans &#8211; documented, regularly tested and risk adapted (RTO\/RPO).<\/li>\n<li>Incident reporting and representation in audits &#8211; 24h reporting, designation of NIS officer and cooperation with DNSC.<\/li>\n<\/ol>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d952091 elementor-widget elementor-widget-heading\" data-id=\"d952091\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Step 3 - Documentation, testing and proof of conformity<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cb1b3bd elementor-widget elementor-widget-text-editor\" data-id=\"cb1b3bd\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>NIS 2 requires proof of compliance, not just formal implementation of measures. Management-approved policies, risk assessments, evidence of testing (backup, phishing, BCP\/DR), incident reports and training records must be presented at the audit. Lack of documentation and testing is one of the most common causes of sanctions, including for large entities  <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div id=\"e-n-tab-content-19498008810\" role=\"tabpanel\" aria-labelledby=\"e-n-tab-title-19498008810\" data-tab-index=\"10\" style=\"--n-tabs-title-order: 10;\" class=\" elementor-element elementor-element-96f6e35 e-con-full e-flex e-con e-child\" data-id=\"96f6e35\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-a7d1faa elementor-widget elementor-widget-text-editor\" data-id=\"a7d1faa\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Acting now enables NIS 2 compliance to be achieved quickly, in a controlled and cost-optimized manner, while delaying significantly increases the risk of proactive controls and penalties from Q2-Q3 2026 onwards, as the official period of forbearance and accommodation by the authorities closes.<\/p><p>The DNSC is currently in a phase of transition and accommodation of the NIS 2 framework, providing real and active support to organizations through detailed public guidance, written clarifications, rapid operational responses, and a national series of free workshops dedicated to implementation. According to official communications sent to registered entities and public announcements, large-scale proactive controls are planned to start from Q2-Q3 2026, which creates a clear window of several months for voluntary compliance without immediate sanctioning pressure. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dbe66d5 elementor-widget elementor-widget-heading\" data-id=\"dbe66d5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Benefits of early compliance<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9a907cb elementor-widget elementor-widget-text-editor\" data-id=\"9a907cb\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Those who start complying now benefit from a favorable context that is difficult to replicate later:<\/p>\n<ul>\n<li>High procedural tolerance and flexibility on the part of the DNSC (compliance plans accepted in stages, realistic deadlines for implementation);<\/li>\n<li>High availability of specialized suppliers (consultants, external vCISO, EDR\/XDR solutions), including preferential packages;<\/li>\n<li>Planning budgets without the pressure of looming fines and emergency spending;<\/li>\n<li>sufficient time to negotiate NIS 2 clauses with suppliers and supply chain partners;<\/li>\n<li>phased implementation, no major operational bottlenecks and no crisis decisions.<\/li>\n<\/ul>\n<p>Time is limited, but compliance can be done correctly, predictably and to the benefit of the organization if the process is started now.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div id=\"e-n-tab-content-19498008811\" role=\"tabpanel\" aria-labelledby=\"e-n-tab-title-19498008811\" data-tab-index=\"11\" style=\"--n-tabs-title-order: 11;\" class=\" elementor-element elementor-element-4d149a9 e-con-full e-flex e-con e-child\" data-id=\"4d149a9\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-1626dc3 elementor-widget elementor-widget-heading\" data-id=\"1626dc3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Personal liability of management<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-43a4048 elementor-widget elementor-widget-text-editor\" data-id=\"43a4048\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>According to NIS 2 (transposed by OUG 155\/2024), responsibility for cybersecurity is not only institutional but also personal. Governing bodies (directors, managing directors) must approve and supervise risk management measures, participate in accredited training and are directly liable for violations, and can be sanctioned with personal fines and temporary bans from management positions until non-compliances are fully remedied. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c226b0c elementor-widget elementor-widget-heading\" data-id=\"c226b0c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Limited and conditional leniency<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-11dc577 elementor-widget elementor-widget-text-editor\" data-id=\"11dc577\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Reduction of penalties by up to 50% is only possible if the fine is paid within 15 days of notification (not necessarily conditional on immediate cooperation, but cooperation and remediation may influence the DNSC&#8217;s decision on further action). Postponement or partial cooperation eliminates this possibility and may aggravate sanctions <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div id=\"e-n-tab-content-19498008812\" role=\"tabpanel\" aria-labelledby=\"e-n-tab-title-19498008812\" data-tab-index=\"12\" style=\"--n-tabs-title-order: 12;\" class=\" elementor-element elementor-element-193650c e-con-full e-flex e-con e-child\" data-id=\"193650c\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-e5c436c elementor-widget elementor-widget-text-editor\" data-id=\"e5c436c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>The level of supervision varies according to the category of employment, but the requirements remain high in all cases:<\/p><ul><li>Key entities are subject to proactive (ex-ante) oversight, which may include unannounced inspections, spot audits, requests for information and minimal tolerance of non-compliance;<\/li><li>important entities are supervised reactively (ex-post), but once a control is triggered &#8211; usually following an incident or indications &#8211; the level of verification and the measures taken may become comparable to those applied to essential entities.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div id=\"e-n-tab-content-19498008813\" role=\"tabpanel\" aria-labelledby=\"e-n-tab-title-19498008813\" data-tab-index=\"13\" style=\"--n-tabs-title-order: 13;\" class=\" elementor-element elementor-element-e8e00b9 e-con-full e-flex e-con e-child\" data-id=\"e8e00b9\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-6f18c7b elementor-widget elementor-widget-text-editor\" data-id=\"6f18c7b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Some areas, such as national defense, national security (including SRI\/SIE), foreign affairs (MAE), classified information and central banks (BNR), are totally or partially excluded from the application of this regime, according to the legal provisions (art. 2 of GEO 155\/2024). Entities under DORA (Reg. (EU) 2022\/2554) have limited application.  <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div id=\"e-n-tab-content-19498008814\" role=\"tabpanel\" aria-labelledby=\"e-n-tab-title-19498008814\" data-tab-index=\"14\" style=\"--n-tabs-title-order: 14;\" class=\" elementor-element elementor-element-64114f3 e-con-full e-flex e-con e-child\" data-id=\"64114f3\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-8b1c2bb elementor-widget elementor-widget-text-editor\" data-id=\"8b1c2bb\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<ul><li>Are you registered with the DNSC (or do you have your application initiated and documented)?<\/li><li>Do you have an updated risk assessment and gap analysis (IT + OT, if applicable)?<\/li><li>Do you have policies and procedures approved by management (access, incident, backup, continuity, vendors, etc.)?<\/li><li>Do you have MFA implemented (at least for privileged accounts and remote access)?<\/li><li>Do you have regular backups and restore tests (proof + results)?<\/li><li>Do you have patch management and hardening (including for critical\/OT systems)?<\/li><li>Do you have monitoring and detection measures in place (logging, alerting, EDR\/XDR or equivalent)?<\/li><li>Do you have annual security training + phishing simulations (highlights, rates, improvements)?<\/li><li>Do you have supplier evaluation and security contractual clauses (right to audit, incident reporting)?<\/li><li>Do you have BCP\/DR (continuity and recovery) regularly tested with defined RTO\/RPO?<\/li><li>Do you have a clear procedure for reporting incidents (who, when, how, within 24h)?<\/li><li>Do you have a set of evidence of compliance ready (documents + logs + reports + processes)?<\/li><\/ul><p> <\/p><p>If there are many &#8220;no&#8217;s&#8221;, compliance should be started in stages, prioritizing critical requirements.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div id=\"e-n-tab-content-19498008815\" role=\"tabpanel\" aria-labelledby=\"e-n-tab-title-19498008815\" data-tab-index=\"15\" style=\"--n-tabs-title-order: 15;\" class=\" elementor-element elementor-element-22d8682 e-con-full e-flex e-con e-child\" data-id=\"22d8682\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-4ce647d elementor-widget elementor-widget-text-editor\" data-id=\"4ce647d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>NIS2 is not &#8220;just IT&#8221;: it includes processes, people, governance and suppliers.<\/p><p>NIS2 is not solved with a set of &#8220;form&#8221; documents: it is the actual proof and functioning that counts in the control.<\/p><p>NIS2 is not &#8220;buy a tool and that&#8217;s it&#8221;: without processes and accountability, tools don&#8217;t help.<\/p><p>NIS2 does not only apply to &#8216;very large&#8217; entities: many companies enter through the supply chain.<\/p><p>NIS2 is not a &#8220;one-off&#8221; project: it requires review, testing, reporting and continuous improvement.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div id=\"e-n-tab-content-19498008816\" role=\"tabpanel\" aria-labelledby=\"e-n-tab-title-19498008816\" data-tab-index=\"16\" style=\"--n-tabs-title-order: 16;\" class=\" elementor-element elementor-element-133f303 e-con-full e-flex e-con e-child\" data-id=\"133f303\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-8f19686 elementor-widget elementor-widget-heading\" data-id=\"8f19686\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">If I didn't register with the DNSC on time, can I still?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-22c0fc2 elementor-widget elementor-widget-text-editor\" data-id=\"22c0fc2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Yes. The obligation remains in force. Late registration is preferable to non-registration, especially if accompanied by a realistic plan for compliance.  <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6744b7b elementor-widget elementor-widget-heading\" data-id=\"6744b7b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Can NIS 2 apply if I am not in a \"critical\" sector?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-20baa8d elementor-widget elementor-widget-text-editor\" data-id=\"20baa8d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Yes, through the supply chain: if you provide critical services\/processes for an NIS 2 entity, you may be contractually required, audited by customers or even appointed, under certain conditions, as legally required.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-506cac0 elementor-widget elementor-widget-heading\" data-id=\"506cac0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">What, in practice, does the DNSC check during an inspection?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4633a87 elementor-widget elementor-widget-text-editor\" data-id=\"4633a87\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>In general: existence of risk management framework, minimum technical measures, governance, providers, suppliers, continuity, incident reporting and, in particular, evidence that these are implemented and tested<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c91c2ff elementor-widget elementor-widget-heading\" data-id=\"c91c2ff\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">What is 24-hour incident reporting?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-572a52a elementor-widget elementor-widget-text-editor\" data-id=\"572a52a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>The major difference is the supervisory regime: essential &#8211; more proactive, important &#8211; more reactive; but the basic obligations remain serious in both cases.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7b7da81 elementor-widget elementor-widget-heading\" data-id=\"7b7da81\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">What is the difference between essential and important entities?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6573ef8 elementor-widget elementor-widget-text-editor\" data-id=\"6573ef8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>The major difference is the supervisory regime: essential &#8211; more proactive, important &#8211; more reactive; but the basic obligations remain serious in both cases.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3ebdd05 elementor-widget elementor-widget-heading\" data-id=\"3ebdd05\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">What's the risk if I just have documents but don't test the measures?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-aaff8f9 elementor-widget elementor-widget-text-editor\" data-id=\"aaff8f9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Lack of testing (backup, DR, incident drills) and lack of records are among the most common vulnerabilities to controls.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b8fd584 elementor-widget elementor-widget-heading\" data-id=\"b8fd584\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Who in the company is responsible for NIS 2?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a1fb9e4 elementor-widget elementor-widget-text-editor\" data-id=\"a1fb9e4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>Management has approval, oversight and resource obligations. Implementation is through clearly defined internal accountabilities and a demonstrable governance model. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Everything you need to know about nis2 Home Requirements, obligations and impact for your organization NIS2 Directive comes with new rules for digital security in the EU, but they don&#8217;t have to be difficult to understand. We have summarized the most important information for you: who is affected, what obligations arise and how you can [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-1552","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/bdhs-solutions.com\/en\/wp-json\/wp\/v2\/pages\/1552","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bdhs-solutions.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/bdhs-solutions.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/bdhs-solutions.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bdhs-solutions.com\/en\/wp-json\/wp\/v2\/comments?post=1552"}],"version-history":[{"count":1,"href":"https:\/\/bdhs-solutions.com\/en\/wp-json\/wp\/v2\/pages\/1552\/revisions"}],"predecessor-version":[{"id":1567,"href":"https:\/\/bdhs-solutions.com\/en\/wp-json\/wp\/v2\/pages\/1552\/revisions\/1567"}],"wp:attachment":[{"href":"https:\/\/bdhs-solutions.com\/en\/wp-json\/wp\/v2\/media?parent=1552"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}