EU Cybersecurity Regulations: What’s changing and how ISF can help

The EU cybersecurity regulatory environment is evolving rapidly. New and updated regulations such as NIS 2, DORA, the Cyber Resilience Act (CRA), and the EU AI Act are introducing complex and overlapping control expectations for organisations operating in or engaging with the European market.

In this webinar, Benoit Heynderickx and Luka Ivezic provided a clear update on these major EU regulations and explain how the ISF Standard of Good Practice for Information Security (SOGP) and related tools can support organisations in meeting compliance requirements.

The session concluded with an introduction to ISF’s detailed mapping of NIS 2 to ENISA’s Technical Guidance – a practical resource available to support the compliance journey.

Key takeaways:

• A concise overview of the latest developments across NIS 2, DORA, CRA, and the EU AI Act
• Insights into emerging control themes across these regulations and common challenges faced by organisations
• How ISF resources, including the SOGP, help build control maturity aligned to these evolving obligations
• A spotlight on ISF’s exclusive mapping of the SOGP to ENISA’s NIS 2 technical Implementation Guidance

Meet the Speakers:

Benoit Heynderickx is a Principal Analyst at the ISF and project lead for the ISF Standard of Good Practice for Information Security. With a wealth of information security know-how, he is also regularly involved in specialised topics such as supply chain, cloud security and quantitative risk analysis. Passionate about information security and risk management, Benoit has a deep and practical experience implementing large scale information security and risk programmes such as ISMS, GDPR Compliance, and third-party risk assurance programmes. Benoit holds security certifications from ISACA and the CSA, as well as an MSc in Information Security and Risk from City, University of London. Benoit is also a Full Member of the Chartered Institute of Information Security.

As Practice Lead, Regulations & Emerging Technologies, Luka Ivezic oversees the ISF’s portfolio of security control and regulatory assessment services. He is the resident expert on EU regulations, as well as strategy and best practices for emerging technologies such as AI, OT and IoT. He tailors ISF’s services to address common challenges for ISF’s EU members, such as those arising from legislative changes (eg: NIS 2, DORA, CRA, RED)