NIS2 is coming to Denmark – are you ready?

Compliance, 2025-05-07

By Lili Marleen Moser | 779 words | Read time: 4 minutes

The clock is ticking. Last week, the Danish Parliament passed the Network and Information Systems Directive 2 (NIS2), and it will come into full effect on July 1st, 2025. The NIS2 legislation brings significant changes to cybersecurity requirements for a wide range of organizations. 

In the following, we highlight key challenges, outline useful resources, and offer practical guidance to help you navigate the road to compliance.

The arrival of NIS2 is a step towards a higher common level of cybersecurity across EU member states, and towards improved resilience of critical infrastructures against cyber threats.

However, many Danish organizations may now face a hurdle, as there are no official recommendations or guidelines available from Danish authorities.

Torben Schack Pedersen, the Danish Minister for Resilience and Preparedness, has stated that implementation guidelines and materials for affected organizations will be available by July 1st, 2025 at the latest[1]. 

Challenges imposed by the lack of specific guidelines

The absence (or somewhat late arrival) of specific Danish guidelines on the implementation of NIS2 presents a number of challenges for the affected entities. 

Firstly, the directive itself is open to interpretation, and without specific guidelines, organizations may struggle to understand exactly how instructions translate into concrete actions. 

Also, unclear interpretations can make it difficult to prioritize efforts correctly. Knowing exactly which measures are most critical for the supervisory authorities is important for effective resource allocation. The lack of clear guidance makes it challenging for organizations to prioritize their cybersecurity investments and efforts. 

Lastly, without clear instructions, organizations may hesitate to implement significant changes, fearing that their efforts might not align with the final Danish requirements. This delay increases the risk of non-compliance by the July 1st deadline, potentially leading to penalties, a weaker security posture, and other negative consequences.

Where to Turn While You Wait

While we await the official Danish guidelines for NIS2, several resources are already available that can offer valuable insights. Although following these frameworks does not guarantee NIS2 compliance, they can help strengthen your cybersecurity posture and support your efforts toward meeting the directive’s requirements.

ISO 27002 – a strong starting point

The internationally recognized standard for information security management, ISO 27001, provides a framework for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).

The accompanying guideline, ISO 27002, offers a comprehensive set of security controls that align well with the principles and objectives of NIS2. Implementing or aligning with these standards can provide a strong foundation for meeting the upcoming requirements. 

ENISA’s Guidance: EU-Level Insights

The European Union Agency for Cybersecurity, ENISA, has also published materials regarding the NIS2 Directive. Their guidelines, best practices, and reports offer a wide range of insights into how organizations can prepare for compliance with NIS2. While these publications are not specific to Denmark, they provide a valuable perspective. Explore publications and more at ENISA’s website.

Lessons from other EU countries

Some EU member states have already passed and implemented the directive, and provide local entities with recommendations and guidelines. While these may not translate directly into Danish law, they can offer helpful guidance on potential approaches and the types of measures being considered in other member states. 

For instance, the Centre for Cybersecurity Belgium (CCB) published a brochure with guidelines and recommendations. A helpful tool mentioned is the CyberFundamentals Framework (CyFun), which is inspired by the most used frameworks and standards in Belgium, such as NIST and ISO 27002.

It has three assurance levels: basic, important, and essential, all of which include a set of guidelines and solutions for risk assessment, self-assessment, and more. CCB states that, in the context of NIS2, CyFun can be a useful tool for both essential and important entities.

How Trifork Security guides your compliance journey

The current cybersecurity landscape and compliance, especially with the impending NIS2 requirements, are increasingly difficult to navigate. However, you don’t have to do it alone.

At Trifork Security, we partner with organizations to translate regulations into actionable steps, so you can focus on growing your business with assurance and security. With over 10 years of experience and certifications in ISO 27001:2022, ISAE 3402, and ISAE 3000, we deliver tailored compliance solutions backed by deep technical insight.

Whether your focus is achieving ISO 27001 certification, proactively preparing for the NIS2 directive, or enhancing your GDPR compliance framework, we provide comprehensive support at every stage – from initial GAP analysis and detailed documentation to effective risk management strategies and impactful awareness training programs.

Ready to take the next step?

Don’t wait for July 1st to start preparing. Reach out to us today and let’s turn uncertainty into action, so you are ready to meet NIS2 head-on.

[1] https://pro.ing.dk/compliancetech/artikel/dansk-nis2-lov-er-vedtaget-men-vejledning-kan-stadig-vaere-flere-maaneder-vaek