The Industrial Security Podcast NIS2 and the Cyber Resilience Act (CRA) [The Industrial Security Podcast]
15 snips
Jul 28, 2025 Christina Kiefer, an attorney at Reusch Law, dives into the crucial implications of the NIS2 legislation and Cyber Resilience Act (CRA) for EU businesses. She discusses the inconsistent implementation of NIS2 across Europe and the compliance challenges companies face. The conversation highlights the CRA's impact on digital product manufacturers and the heightened obligations arising from increased cyber attacks. Kiefer offers insights on navigating these complex regulations, emphasizing the urgency for companies to adapt their cybersecurity strategies.
AI Snips
Chapters
Transcript
Episode notes
EU NIS2 Transposition Is Patchy
- NIS2 is enforced but many member states missed the October 2024 transposition deadline.
- The Commission opened infringement proceedings against 23 states and only 10 had fully transposed by the interview.
No Central Repository — Map Each Country
- Check each EU member state's national law because there is no single central repository for NIS2 transposition.
- Use legal guides or counsel to map scope, reporting and extra national obligations before offering services in the EU.
Member States Will Diverge On NIS2
- NIS2 sets minimum standards but member states can and do add obligations or broaden scope.
- Expect a mixed regulatory landscape with countries like Italy and France adding sectors beyond the directive.