Simplifying compliance: Translating NIS2 and CER into real‑world security practices

In this webinar, we will examine the EU NIS2 and CER Directives and explore what compliance means in practice for Important, Essential, and Critical entities. We will discuss how organisations can comply with national implementing laws, and how regulatory expectations translate into governance, accountability, and reporting obligations - including the management of cybersecurity and resilience risks across internal operations and supply‑chain ecosystems.

The EU NIS2 and related CER Directive present significant challenges for Important, Essential and Critical entities. These challenges cannot be ignored, particularly as laws introduce new compliance and reporting obligations, including the potential for financial penalties in case of noncompliance.

Achieving compliance requires a coordinated organisational effort, clear accountability, and close alignment between technical, legal, commercial, and management functions. In this webinar, we will explore key aspects of NIS2 and CER and how they apply across EU Member States, focusing on the obligations of Important, Essential, and Critical entities.

During the session, NIS2 and CER will be discussed from both legal and technical standpoints: 

  • Legal perspective – regulatory context, scope, compliance with national implementing laws, responsible authorities, and supplychain requirements 

  • Technical and operational perspective – governance models, ISMS implementation, reporting, and realworld challenges across IT and OT environments 

The webinar aims to make the implementation of NIS2 and CER more “real” for Important, Essential, and Critical entities.

Key Takeaways

By attending this webinar, participants will: 

  • Understand how NIS2 and CER function as EU directives, and what compliance with national implementing laws means for organisations in scope. 
  • Gain clarity on which organisations qualify as Important, Essential or Critical entities under NIS2 and CER 
  • Learn how supply chain and ecosystem security requirements affect governance, contracts and organisational accountability  
  • See how organisations across Europe are tackling NIS2 and CER challenges today - and what lessons you can apply immediately 
  • Align legal, technical, commercial, and management functions to enable pragmatic, scalable compliance. 

Meet our speakers 

  • Alfred Schroeder, Principal Consultant OT Cybersecurity and Functional Safety at DNV Cyber.  
    Alfred is an industrial and OT automation specialist focusing on cybersecurity consulting and the implementation of Information Security Management Systems (ISMS) required by NIS2, CER, and IEC 62443 for critical infrastructure and industrial environments. He has over 30 years of experience in industrial automation engineering and consultancy, and has served as President for the SA Council of Automation and Control, a member organization of the IFAC (International Federation of Automatic Control)
     
  • Anna Rossi, Lead Privacy and Cybersecurity Lawyer at DNV Cyber 
    Anna specialises in privacy, data protection, regulatory cybersecurity, and the evolving EU regulatory framework for data and AI. She supports organisations across the full regulatory lifecycle, from advising top management on strategic compliance questions.