Cybersecurity

Looking for a cybersecurity lawyer? I offer DORA consulting and NIS2 consulting to guide your organization through compliance with European digital security regulations.

Legal cybersecurity: DORA and NIS2

The European regulatory landscape on cybersecurity has expanded significantly. DORA (Digital Operational Resilience Act) for the financial sector and NIS2 for critical infrastructure and essential sectors impose new obligations on digital operational resilience, ICT risk management and incident reporting.

As a cybersecurity specialist lawyer, I help organizations navigate these requirements with an approach that combines legal expertise and technical understanding.

DORA Compliance – Financial sector

DORA (EU Regulation 2022/2554) has been fully applicable since January 2025. The main requirements:

• ICT risk management – Documented framework to identify, protect, detect, respond and recover
• Resilience testing – Programme of periodic tests, including TLPT for significant entities
• ICT third-party risk management – Due diligence and continuous monitoring of ICT providers
• Incident reporting – Notification processes within regulatory timeframes
• Information sharing – Sharing of intelligence on cyber threats

NIS2 Compliance – Essential and important sectors

NIS2 (EU Directive 2022/2555) extends the cybersecurity perimeter to 18 sectors. The NIS2 obligations include:

• Risk management measures – Security policies, incident management, business continuity
• Supply chain security – Assessment and monitoring of supply chain security
• Incident reporting – Early warning within 24 hours, full notification within 72 hours
• Management accountability – Governing bodies are directly liable
• ACN compliance – Registration and compliance with the requirements of the National Cybersecurity Agency

Incident response and data breach

When a cyber incident occurs, response times are critical. I provide immediate legal support for:

• Assessment of the notification obligation (GDPR, DORA, NIS2)
• Coordination with competent authorities
• Management of communication to data subjects
• Analysis of contractual liability with suppliers

DORA and NIS2: differences and overlaps

DORA and NIS2 have overlapping areas but different scopes. DORA is a regulation directly applicable to the financial sector, NIS2 is a directive that requires national transposition. A financial entity subject to DORA may be exempt from some NIS2 obligations, but not all. Coordinating the two frameworks is essential to avoid duplications and ensure efficient compliance.