NIS2 directive and the new Cybersecurity Act

Legal Impact Analysis: We will assess whether NIS2 would affect your business in any way and advise you on specific steps you need to take to adapt to the new requirements.

Legal Advisory: We will provide you with legal advice related to the NIS2 directive, including the basic requirements that apply to you, and suggest how these requirements can be met.

Subsidy Advisory: We assess the possibilities of using available funds to support the implementation of relevant cybersecurity measures, both at the European and national levels. We provide other related legal services, including fund eligibility assessments and preparation as well as submission of applications for financial support.

Contractual Documentation: We will prepare the necessary contractual documentation required by NIS2 to protect you and your critical information infrastructure.

Training and Education: We provide training and education for your organisation's senior staff and statutory bodies so that they can understand the NIS2 directive and its impact and take appropriate measures.

Representation: We will represent you in front of public authorities, focusing on the protection of your rights and interests. We also provide other services related to the legislative process - legislative monitoring, impact analysis and strategic planning, and communication with public authorities to promote your organisation's interests.

What the adoption of NIS2 means for many businesses is mainly the need to align the new requirements with business processes, organisational structure, staffing and technology base. We provide our clients with a range of services related to the regulatory environment. We use our own proven tools in our analyses, which enable us to effectively identify gaps and prioritize individual steps leading to compliance. Examples include the Deloitte NIS2 Maturity Assessment Tool as well as the NIS2 and Czech Cybersecurity Act Maturity Assessment Tool (currently in preparation).

Maturity Analysis: We will analyse existing processes, applications, and personnel security in the context of the NIS2 directive in your organisation.

Implementation Roadmap: We will design and implementation roadmap for NIS2 specifically for your needs, considering the technological and organisational readiness of your company. In terms of technology, we often recommend the use of cloud services and their optimal mix with traditional enterprise ICT (e.g., a combination of AWS, MS Azure, M365 with on-premises infrastructure).

Other Technologies: We will conduct an IT, business, and financial assessment of the options to consider. 

Proposal of Changes: We will propose specific changes at the level of the whole and individual domains and validate the proposals with you.

Implementation Plan: We will prepare a detailed implementation plan for your specific needs, reflecting the cultural and technological environment in your company.

Once the implementation plan is in place, we typically assist with the implementation process and integration of on-premises and cloud technologies. We see cloud technologies as a significant accelerator of NIS2 adoption in business. We have hands-on experience with small and large-scale implementations of M365, Azure, AWS, GCP and many other cloud-based SaaS services in the cybersecurity space, as well as projects that place a strong emphasis on the synergy of security and IT with various business processes.

How do we get involved? Together, we will plan the form and depth of our engagement based on your needs and expectations.

Your company context: We will map your organisation, the impact of NIS2 and related cybersecurity laws on your business, together with the staffing, financial, and technological context in your company.

Information Gathering: We will gather information about cybersecurity in your organization, specifically in relation to ICT assets, related threats, job roles and procedures, and other aspects.

Security Risks: We will identify cybersecurity risks relevant to your organisation.

GAP Analysis: We will perform a GAP analysis comparing the current state of cybersecurity with the desired target state (i.e., full compliance with NIS2 or the Cybersecurity Act).

Security Measures: Together, we will implement cyber security measures to mitigate prioritized risks.

Quality Check: We will adjust the measures and capture the lessons learned. We will make sure that the measures put in place are sustainable and will be reviewed regularly.