EU Regulation
NIS 2 · · 4 min read
NIS2 Compliance Is Now an Underwriting Requirement — Every Broker's Duty of Care
The NIS2 transposition deadline has passed. With fewer than 10% of critical entities fully compliant, carriers are starting to exclude non-compliant organizations from coverage. For insurance brokers, failing to verify client NIS2 status is now a professional liability risk. Here's what you need to know.
NIS 2 · · 18 min read
NIS2 Malta Compliance Guide: MITA Competent Authority, NIS2 Implementing Regulations, and CSIRT-MT Incident Reporting for 2026
Complete guide to NIS2 compliance in Malta — covering the NIS2 Implementing Regulations 2025 under the Malta Digital Innovation Authority Act, MITA as the competent authority and SPOC, CSIRT-MT incident reporting, entity classification tailored to Malta's small market, sector requirements, penalties, implementation timeline, and cyber insurance implications for Maltese entities.
NIS 2 · · 20 min read
NIS2 Slovakia Compliance Guide: Act on Cybersecurity Amendment, NBU Enforcement, and SK-CERT Incident Reporting for 2026
Complete guide to NIS2 compliance in Slovakia — covering the amended Act on Cybersecurity (Zákon o kybernetickej bezpečnosti), NBU (National Security Authority) enforcement as the competent authority and SPOC, SK-CERT incident reporting, entity classification, sector requirements, penalties, implementation timeline, and cyber insurance implications for Slovak entities.
NIS 2 · · 18 min read
NIS2 Slovenia Compliance Guide: Cybersecurity Act (ZKV-1), URSIV Enforcement, and SI-CERT Incident Reporting for 2026
Complete guide to NIS2 compliance in Slovenia — covering the Cybersecurity Act (Zakon o kibernetski varnosti / ZKV-1), URSIV enforcement as the national competent authority, SI-CERT incident reporting operated by ARNES, entity classification, sector requirements, penalties, implementation timeline, and cyber insurance implications for Slovenian entities.
NIS 2 · · 9 min read
The NIS2 + AI Coverage Gap: When Your Cyber Policy Won't Cover the Incident NIS2 Requires You to Report
NIS2 mandates AI incident reporting for hundreds of thousands of EU entities. But most cyber insurance policies contain silent AI exclusions, sublimits, or ambiguity that leave insureds paying for AI incident response out of pocket — even though NIS2 required them to report the incident in the first place.
NIS 2 · · 18 min read
NIS2 Hungary Multi-Authority Enforcement Guide: NBI Sectoral Oversight, NKH Coordination, and Cross-Authority Compliance for 2026
Comprehensive guide to Hungary's multi-authority NIS2 enforcement model — covering NBI (National Security Authority) sectoral oversight for defence and security, NKH health sector coordination, cross-authority cooperation with SZTFH, interagency information-sharing frameworks, entity obligations across multiple regulators, and cyber insurance implications for Hungarian entities navigating the cooperative supervisory regime.
NIS 2 · · 15 min read
NIS2 Hungary Compliance Guide: Act LXIX of 2024, SZTFH Enforcement, and NKI Requirements for 2026
Complete guide to NIS2 compliance in Hungary — covering Act LXIX of 2024 on the Cybersecurity of Hungary, SZTFH enforcement, NKI incident reporting, entity classification, mandatory audit system, NIST-based risk classification, penalties, implementation timeline, and cyber insurance implications for Hungarian entities.
NIS 2 · · 13 min read
NIS2 Bulgaria Compliance Guide: Cybersecurity Act Amendments and DAEU Requirements for 2026
Complete guide to NIS2 compliance in Bulgaria — covering the amended Cybersecurity Act (Закон за киберсигурността), DAEU enforcement, National CSIRT bg incident reporting, entity classification, sector requirements, penalties, implementation timeline, and cyber insurance implications for Bulgarian entities.
NIS 2 · · 15 min read
NIS2 Croatia Compliance Guide: Cybersecurity Act (Zakon o kibernetičkoj sigurnosti) and AZOP Requirements for 2026
Complete guide to NIS2 compliance in Croatia — covering the Cybersecurity Act (Zakon o kibernetičkoj sigurnosti), UVNS/NCSC-HR enforcement, CERT.hr incident reporting, entity classification, sector requirements, penalties, implementation timeline, and cyber insurance implications for Croatian entities.
NIS 2 · · 16 min read
NIS2 Cyprus Compliance Guide: Security of Networks and Information Systems Law and DSA Requirements for 2026
Complete guide to NIS2 compliance in Cyprus — covering the Security of Networks and Information Systems Law (N.89(I)/2020 as amended by N.60(I)/2025), Digital Security Authority (DSA) enforcement, CSIRT-CY incident reporting, entity classification, sector requirements, penalties, implementation timeline, and cyber insurance implications for Cypriot entities.
NIS 2 · · 13 min read
NIS2 Estonia Compliance Guide: Cybersecurity Act Amendments and RIA Requirements for 2026
Complete guide to NIS2 compliance in Estonia — covering the amended Cybersecurity Act (Küberturvalisuse seadus), RIA enforcement, CERT-EE incident reporting, entity classification, sector requirements, penalties, phased implementation timeline, and cyber insurance implications for Estonian entities.
NIS 2 · · 11 min read
NIS2 Romania Compliance Guide: Romanian Cybersecurity Law and ANSI Requirements for 2026
Complete guide to NIS2 compliance in Romania — covering the amended Cybersecurity Law (Legea 361/2018), ANSI enforcement, STS coordination, entity classification, sector requirements, penalties, and implementation timeline for Romanian entities.
DORA · · 16 min read
DORA ICT Risk Management Framework: Complete Practitioner Guide for Financial Institutions and Their Insurers in 2026
Comprehensive guide to the Digital Operational Resilience Act (DORA) ICT risk management framework. Covers all 5 pillars, compliance requirements, underwriting implications, and the intersection with NIS2 for EU financial institutions.
NIS 2 · · 12 min read
How to Prepare for a NIS2 Audit: Documentation, Evidence, and Compliance Verification Guide (2026)
Complete guide to NIS2 audit preparation. Covers documentation requirements by Article, evidence collection, common failures, management liability, and a 30-day pre-audit checklist for in-scope EU entities.
NIS 2 · · 11 min read
NIS2 Austria Compliance Guide: NISG 2026 Requirements, BMI Authority and DACH Region Framework for 2026
Complete guide to NIS2 compliance in Austria. Covers the NISG 2026 (Network and Information Systems Security Act), BMI/Bundesamt für Cybersicherheit authority, entity classification, sector requirements, CERT.at incident reporting, penalties up to €10M, and the 1 October 2026 entry into force deadline.
NIS 2 · · 12 min read
NIS2 Belgium Compliance Guide: CCB Requirements and CyberFundamentals Framework for 2026
Complete guide to NIS2 compliance in Belgium. Covers the CCB enforcement framework, Law of 26 April 2024, CyberFundamentals (CyFun) compliance tracks, entity classification, sector requirements, penalties, and the 18 April 2026 deadline for essential entities.
NIS 2 · · 10 min read
How NIS2 Compliance Lowers Cyber Insurance Premiums: The Business Case for Security Investment
NIS2 compliance can reduce cyber insurance premiums by 15-40%. Learn which controls insurers value most, how to document compliance for underwriters, and calculate the ROI of security investment against premium savings.
NIS 2 · · 8 min read
NIS2 Czech Republic Compliance Guide: Act No. 264/2025, NÚKIB Authority and Strategically Important Services for 2026
Complete guide to NIS2 compliance in the Czech Republic. Covers Act No. 264/2025 Coll., NÚKIB authority, uniquely expanded scope with "strategically important services," entity classification, higher vs. lower obligations regimes, penalties up to CZK 250M (~€10M), and registration deadlines.
NIS 2 · · 8 min read
NIS2 Denmark Compliance Guide: NIS-2-loven, CFCS Authority and Danish Cybersecurity Framework for 2026
Complete guide to NIS2 compliance in Denmark. Covers the NIS-2-loven (Bill L 141), CFCS authority under Defence Intelligence, SAMSIK registration, entity classification, sector-specific obligations, criminal enforcement model, penalties up to DKK 75M (~€10M), and key registration deadlines.
NIS 2 · · 9 min read
NIS2 Finland Compliance Guide: Kyberturvallisuuslaki (Act 124/2025), Traficom Authority and Kybermittari Framework for 2026
Complete guide to NIS2 compliance in Finland. Covers the Kyberturvallisuuslaki (Cybersecurity Act 124/2025), Traficom/NCSC-FI authority, free Kybermittari self-assessment tool, entity classification with 50,000-resident municipal threshold, guidance-first enforcement, penalties up to €10M, and key registration deadlines.
NIS 2 · · 13 min read
NIS2 Greece Compliance Guide: ENSI Authority, Maritime & Energy Sector Requirements, and What Greek Entities Must Do in 2026
Complete guide to NIS2 compliance in Greece. Covers the ENSI (Εθνική Αρχή Κυβερνοασφάλειας) authority, entity classification, maritime fleet obligations, island energy infrastructure, GR-CSIRT incident reporting, penalties up to €10M, and the compliance roadmap for Greek entities.
NIS 2 · · 8 min read
NIS2 Ireland Preparation Guide: National Cyber Security Bill, NCSC Ireland and CyFun Framework for 2026
Complete guide to NIS2 preparation in Ireland. Covers the pending National Cyber Security Bill, NCSC Ireland authority, CyFun compliance framework adopted from Belgium, 15 Risk Management Measures, entity classification expectations, and what organizations should do now despite legislation not yet enacted.
NIS 2 · · 11 min read
NIS2 Netherlands Compliance Guide: NCSC-NL Requirements for Dutch Entities
Complete guide to NIS2 compliance in the Netherlands. Covers NCSC-NL enforcement, Uitvoeringswet cybersecurityrichtlijn implementation, sector-specific requirements, deadlines, penalties, and what Dutch entities must do now.
NIS 2 · · 13 min read
NIS2 Poland Compliance Guide: Ustawa o Cyberbezpieczeństwie and NCSA Requirements for 2026
Complete guide to NIS2 compliance in Poland — covering the amended Cybersecurity Act (Ustawa o cyberbezpieczeństwie), NCSA enforcement, entity classification under Polish law, sector requirements, penalties, and implementation timeline for Polish entities.
NIS 2 · · 8 min read
NIS2 Portugal Compliance Guide: Decree-Law 125/2025, CNCS Authority and Four-Tier Entity Framework for 2026
Complete guide to NIS2 compliance in Portugal. Covers Decree-Law 125/2025 (Regime Jurídico da Cibersegurança), CNCS authority, unique four-tier entity classification, mandatory cybersecurity officer appointment, 24-month delayed enforcement, penalties up to €10M, and key registration deadlines.
NIS 2 · · 11 min read
NIS2 Sweden Compliance Guide: Cybersäkerhetslagen SFS 2025:1506, MCF Authority and Nordic Framework for 2026
Complete guide to NIS2 compliance in Sweden. Covers the Cybersäkerhetslagen (Cybersecurity Act SFS 2025:1506), MCF (formerly MSB) authority, CERT-SE incident reporting, entity classification, sector requirements, decentralized supervision model, penalties up to €10M, and the January 2026 entry into force.
Cyber Resilience Act · · 12 min read
Cyber Resilience Act vs NIS2 vs DORA: Which Regulation Applies to My Insured?
A practical comparison of the three major EU cybersecurity regulations — CRA, NIS2, and DORA — explaining scope, timelines, requirements, and what cyber insurance underwriters need to ask clients in 2026.
DORA · · 23 min read
DORA ICT Risk Management Framework: What Cyber Insurance Underwriters Must Know in 2026
Complete practitioner guide to the DORA ICT risk management framework for cyber insurance underwriting. Covers the 5 pillars, how they affect coverage decisions, underwriting questions for financial sector clients, and compliance deadlines.
NIS 2 · · 9 min read
NIS2 Compliance Cost: What European Companies Actually Spend in 2026
Real NIS2 compliance costs broken down by company size and sector. Essential entities spend €150K-€2M+, important entities €30K-€500K. Includes cost framework, hidden expenses, ROI calculation, and free tools to estimate your budget.
NIS 2 · · 10 min read
NIS2 Compliance for IT Managers: The Action Plan That Actually Works in 2026
Step-by-step NIS2 compliance action plan for IT managers and CISOs. Practical implementation guide covering risk management, incident reporting, security governance, supply chain security, and business continuity — with free tools and templates.
NIS 2 · · 16 min read
NIS2 Underwriting Questions: What Every Cyber Insurance Broker Should Ask
Practical Line 1, Line 2, and Line 3 underwriting questions for NIS2-exposed clients. Essential vs important entities. Coverage gaps brokers should flag.
NIS2 Compliance Requirements · · 13 min read
NIS2 Compliance Requirements: 10 Mandatory Security Controls Before the 2026 Deadline
Master NIS2 compliance with our guide to the 10 mandatory security requirements. Learn what to implement, when deadlines hit, and how to avoid penalties up to €10 million or 2% of global turnover.
NIS 2 · · 10 min read
The NIS2 Audit Crunch: What Underwriters Need to Know Before June 30, 2026
With the June 30, 2026 NIS2 compliance audit deadline approaching, cyber underwriters face a narrow window to reassess risk profiles across their entire European portfolio. Here is what the audit requirement means for how you evaluate, price, and write cyber coverage.
NIS 2 · · 9 min read
NIS2 Directive: The Complete Compliance Guide for 2026
Everything you need to know about NIS2 compliance in 2026: which sectors are affected, key requirements, deadlines, and how to prepare your organization for the EU cybersecurity directive.