Hængelås Med Nøgler
Cybersecurity

Regulatory Cyber Compliance

Complex cyber compliance made simpler

The volume of EU regulation aimed at reducing cyber threats within the European Union is increasing. The “AI Act” aims to ensure that Europeans can trust what AI has to offer, and the Network & Information Systems 2 Directive (NIS2) seeks to safeguard critical sectors and supply chains, to name a few. Key challenges will be to identify where the cyber regulation applies and implement adequate security measures without overspending on security.

Our Approach

Based on our long experience of developing and securing IT solutions in complex and heavily regulated sectors, NNIT has developed an approach for organizations to reach a compliant state. This works for one piece of legislation (e.g., NIS2), but can be expanded to incorporate multiple sets of regulations. This approach is interdisciplinary; it brings NNIT’s IT, business, and compliance specialists together with your organization to understand the extent to which your organization must be brought into compliance and what needs to be done to reach this state in a pragmatic way.

Identification of the services, processes, and products covered by EU cyber regulation, typically based on your service/product catalog or contractual obligations. Output is a list of the systems or suppliers that must be compliant.

Mapping from regulatory requirements to security controls which can be used to reduce cyber risks. Output is a list linking directives to security controls, as well as a maturity assessment of the ‘as-is’ state of the controls.

Analysis of the potential gap between the current security level and the level required for regulatory compliance. Output is a bar chart showing the difference between your current security level and where you need to be if you are to be compliant.

An overview of what is required for compliance. Output is a table of which ongoing or scheduled future security projects will contribute to compliance, as well as a list and high-level description of new projects or initiatives that NNIT recommends to ensure compliance.


Key benefits and business outcome

  • Understanding of which parts of your business are affected by EU cyber regulation.
  • Transparency as to which security controls are required for compliance.
  • Clarity regarding the possible gap existing between the current security level and a compliant state.
  • Opportunity to streamline controls to address multiple regulatory frameworks.

EU Regulation Landscape

NNIT has compiled the table below to illustrate the volume, internal relationship, and outline of the EU’s current cyber regulation:

Cross-Sector Regulation Outline of regulation Effective date
GDPR The protection of natural persons with regard to the processing of personal data and on the free movement of such data May 25. 2018
Open Data Directive Legal framework for the reuse of public-sector information such as geographical, land registry, statistical, or legal information held by public-sector bodies or public undertakings, and of publicly funded research data. July 17, 2021
Digital Markets Act Aims to guarantee a competitive and fair digital sector, allowing innovative digital businesses to grow and ensuring the safety of users online, through clear obligations and prohibitions for large online platforms, …
banning unfair practices on large online platforms.		 May 2, 2023
Data Governance Act To make more data available for reuse and facilitate data sharing across sectors for the benefit of EU citizens and businesses, creating jobs and stimulating innovation. September 24, 2023
Digital Services Act To create a safer online environment for consumers and companies in the EU, with a set of rules designed to protect consumers and their fundamental rights, define clear responsibilities for online platforms and social media, deal with illegal content and products, hate speech and disinformation, achieve greater transparency with better reporting and oversight, and encourage innovation, growth, and competitiveness. February 17, 2024
High-Value Datasets Act Legal framework for the reuse of public-sector information such as geographical, land registry, statistical, or legal information held by public-sector bodies or public undertakings, and of publicly funded research data. June 9, 2024
NIS2 Sets out a common cybersecurity regulatory framework aiming to enhance the level of cybersecurity in the EU through introducing cybersecurity risk-management measures and reporting in critical sectors, along with rules on cooperation, information sharing, supervision, and enforcement. October 18, 2024
Accessibility Act Aims to harmonize accessibility requirements for certain products and services by eliminating and preventing any free-movement barriers that may exist because of divergent national legislation. It aims to bring benefits to businesses, people with disabilities, and the elderly. June 28, 2025
Data Act Establishes clear and fair data access and rules for accessing and using data generated by Internet of Things (IoT) products. September 12, 2025
AI Act Improve the functioning of the internal market by laying down a uniform legal framework in particular for the development, marketing and use of artificial intelligence in conformity with Union values. Proposal
ePrivacy To ensure stronger privacy in electronic communications, while opening up new business opportunities. Proposal
Cyber Resilience Act Aims to safeguard consumers and businesses buying or using products or software with a digital component. The Act introduces mandatory cybersecurity requirements for manufacturers and retailers of such products, with this protection extending throughout the product lifecycle. Proposal
Digital Identity Regulation Citizens will be able to prove their identity and share electronic documents from their European Digital Identity wallets with the click of a button on their phone. They will be able to access online services with their national digital identification, which will be recognized throughout Europe. Proposal

Our experts are ready to help

Contact us, and we will find a solution that suits your needs

Contact Us
Nnnit Portrait Nhkap