Just 30% of EU member states have nationally implemented the Network and Information Security Directive (NIS2).

This puts businesses on the back foot and risks them falling even further behind the adoption curve.

NIS2 is the biggest cybersecurity legislation in over a decade, setting the stage for secure digital infrastructure across the EU.

Vice President of Solution Architecture at Sonatype.

A view of NIS2

The driver for this legislation is clear.

As society increases its dependency on software, software developers increasingly rely on open source to ship new products quickly.

Cyber resilience must improve commensurately to meet software consumption.

NIS2 introduces stringent cybersecurity reporting standards across banking, manufacturing, and public administration.

Remember that the rising tide lifts all boats.

They must also implement and document policies, from vulnerability monitoring to information security training, which exceeds previous requirements.

Vulnerabilities in software supply chains spread rapidly.

Recent high-profile incidents show that their methods are becoming more sophisticated.

NIS2 has been introduced specifically to combat these occurrences by imparting personal responsibility for cybersecurity to businesses themselves.

This gulf is a ticking time bomb, with businesses facing no-fault liability and harsh financial penalties.

What would Anne Robinson say?

When we think of software, we think of it as one system.

On average, each app contains 180 components, with repeated updates, patches, and multiple versions.

It’s impossible to track every single change manually.

Automation and proper tooling are needed to keep up with the pace of consumption that modern software development demands.

If just one component is compromised, the ripple effect can be devastating.

UK businesses, while not directly under NIS2, should be mindful of its implications.

Businesses stand to benefit by being proactive rather than reactive.

Preparing for the upcoming CRA Bill helps companies stay competitive amid the changing legislative landscape.

The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.