Failure to comply with the NIS 2 Directive can result in a 10 000 000 € fine

Failure to comply with the NIS 2 Directive will result in a fine. These fines are designed to strengthen compliance with cybersecurity regulations; they will be enforced and the proceeds remitted to the state.

For major operators, the maximum administrative fine is set at 10 million € or 2% of the operator’s global annual turnover from the preceding fiscal year, whichever amount is higher. Other operators face a maximum fine of 7 million € or 1.4% of their global annual turnover from the previous fiscal year, again whichever is higher.

These measures align directly with the NIS 2 Directive’s overarching goals, which include bolstering cybersecurity standards across the European Union. The Directive seeks to ensure that significant and essential entities adhere rigorously to stringent security protocols. Substantial penalties for non-compliance are intended to mitigate the risks associated with cybersecurity threats and incidents.

Read more about this topic from the following links:

Important information about the European Union's cybersecurity directive (NIS2)

What are the cyber hygiene practices set out in the NIS2 Directive?

The NIS 2 Directive

Directive on measures for a high common level of cybersecurity across the Union (NIS2 Directive) – Frequently asked questions

See also our previous articles on the NIS 2 Directive and ISO/IEC 27000 Standards:

NIS2 directive in a nutshell

Demystifying ISO/IEC 27000: Navigating the Landscape of Cybersecurity Standards