Article 20

Governance

1.   Member States shall ensure that the management bodies of essential and important entities approve the cybersecurity risk-management measures taken by those entities in order to comply with Article 21, oversee its implementation and can be held liable for infringements by the entities of that Article.

The application of this paragraph shall be without prejudice to national law as regards the liability rules applicable to public institutions, as well as the liability of public servants and elected or appointed officials.

2.   Member States shall ensure that the members of the management bodies of essential and important entities are required to follow training, and shall encourage essential and important entities to offer similar training to their employees on a regular basis, in order that they gain sufficient knowledge and skills to enable them to identify risks and assess cybersecurity risk-management practices and their impact on the services provided by the entity.

Frequently Asked Questions

Under NIS2, the organization's top management or decision-makers need to approve and supervise the cybersecurity steps their entity takes, making sure these steps follow the law and are effective. They can be held responsible if the entity does not comply correctly with the necessary cybersecurity regulations.

Yes, NIS2 requires leaders of important entities to complete regular cybersecurity training, helping them better understand risks and manage cybersecurity effectively. It also strongly encourages these entities to provide similar training regularly to all employees, to enhance cybersecurity awareness and efficiency across the whole company.

Yes, management bodies of organizations can face legal consequences under the NIS2 directive if their entity breaks cybersecurity rules, although each country can have specific rules and exceptions about this, especially regarding the roles and liability of leaders and officials who are part of public institutions.

NIS2 clearly demands ongoing cybersecurity training for top management and strongly recommends regular training for all employees within important and essential entities, so that staff members have up-to-date knowledge to identify cybersecurity risks and understand how to manage them effectively within their day-to-day roles and responsibilities.
