Tresorit at Infosecurity Europe 2025: Turning NIS2 from law into real-world resilience

NIS2 is already reshaping the cybersecurity landscape across the EU, introducing stricter obligations for a wide range of organizations. Even as some Member States finalize national implementation, the directive is already in force — and those in scope need to start taking concrete steps toward compliance. The question is no longer if or when, but how to translate complex legal requirements into practical, day-to-day operations.

For many organizations, this is proving to be a challenging shift. NIS2 raises the bar on everything from incident response and governance to supply chain risk and business continuity. Yet one of the toughest hurdles is internal: bridging the gap between what the law says and what IT teams can implement. Without close coordination between legal, compliance, and technical teams, efforts can quickly stall or fall short.

For NIS2 to be implemented effectively, organizations need internal collaboration. Cross-functional teams, clear visibility into data flows, and secure, user-friendly tools all play a role in turning compliance into something actionable. It’s not just about policies — it’s about operationalizing them in a way that makes sense day-to-day.

Take supply chain security. NIS2 places significant emphasis on this area because most breaches today exploit the weakest links — often third-party vendors. Yet many businesses still treat external collaboration as an afterthought when it comes to cybersecurity. The reality is: if a supplier’s system is compromised, it can have a domino effect on everyone they work with. That’s why secure third-party access, encrypted communication and collaboration, and strict access controls are no longer “nice to have” — they’re essential.

Another pitfall we often see is the "wait and see" mindset — organizations holding off on implementation until national legislation is finalized. But attackers aren’t waiting. Many of the organizations affected by NIS2 are part of critical infrastructure, meaning even a short delay in security improvements could have far-reaching consequences. By the time regulation catches up, the damage could already be done.

That’s why it’s critical to take a proactive stance now. Map your business processes, understand your data flows, secure your third-party interactions, and implement business continuity plans. NIS2 is not just about compliance — it's about resilience. It's an opportunity to future-proof your organization in a fast-moving threat landscape.

If you're attending InfoSecurity Europe 2025, join our CISO, Turul Balogh, to learn more about NIS2. In his session, entitled "NIS2 in Action: Key Learnings and Best Practices for Effective Implementation", Turul will share insights on how to overcome implementation roadblocks, align internal teams, and use NIS2 as a catalyst for better cybersecurity.

And if you want to talk about how to ensure data security and safe data exchange within and outside your organization, come find us at booth C124 — we’d love to continue the conversation.