Cybersecurity (NIS-2 AND DORA)

Strong cybersecurity is crucial to protect data, business operations, and public trust in today’s digital world. The European Union’s NIS-2 Directive and the Digital Operational Resilience Act (DORA) impose new regulations to enhance resilience and IT security, particularly in the financial sector. Sorainen provides solutions to help organizations in the Baltics comply with NIS-2 and DORA, ensuring legal compliance and operational continuity. By collaborating with cybersecurity experts, IT, and management teams, Sorainen ensures that businesses adopt best practices for a secure, resilient organization.

Our services include:

Gap analysis

We can assist in identifying gaps between current operations and the new requirements, advising on the necessary adjustments, and providing a risk assessment to mitigate potential legal liabilities.

Compliance policies and contractual assistance

We can assist in drafting or revising internal policies and procedures to meet requirements, including cybersecurity frameworks, incident reporting, and operational risk management.

Cyber incident management

We can assist in responding to cyber incidents or operational disruptions, including developing a timely and legally compliant incident reporting process. We can also help communicate with national regulators.

Vendor risk management

We can assist in drafting, reviewing, and negotiating contracts with third-party vendors, ensuring cybersecurity obligations are embedded in supplier agreements.

Training and awareness programs

We can assist in developing training programs for employees and management to raise awareness of legal requirements and best practices for operational resilience, cybersecurity, and incident management. We can brief the board of directors and senior management on the legal implications and how they affect the organization’s operations.

Monitoring and auditing

We can provide continuous legal monitoring to ensure ongoing compliance with legal acts, help facilitate internal audits, and assist in preparing for external audits or investigations.

Mergers and acquisitions (M&A)

We can conduct cybersecurity due diligence during M&A transactions, ensuring that potential acquisitions comply with cyber requirements, identifying any cybersecurity liabilities that may arise from the transaction, and later assisting in integrating compliance requirements into post-merger operations.

Dispute resolution and litigation

In cases where cybersecurity incidents lead to disputes or lawsuits, we can provide legal representation in court or during arbitration proceedings. If regulators take enforcement actions due to non-compliance, we can defend the organisation against fines, penalties or corrective measures.
