SC170: NIS2, ITSiG, CRA - What should we prepare for in terms of Cybersecurity and Regulation?

Training: Noon2Noon - Security - Governance, Risk & Compliance

Decision-makers at board and executive management level receive a practical overview of NIS2, the IT Security Act, and the Cyber Resilience Act. The course covers new obligations for operators of critical infrastructures (CRITIS), supply chains, and providers of digital services, as well as upcoming requirements on security by design. The training conveys the impact on companies, concrete case studies, and promotes exchange with experts.

Presence training

Start: 2025-11-27 | 12:30 pm

End: 2025-11-28 | 02:00 pm

Location: Nürnberg

Price: 850,00 € plus VAT.


Agenda:

Day 1: Cyber Regulation in Europe – where do we stand?

  • 12:30 Arrival and joint lunch
  • KRITIS
    • From NIS1 to NIS2
      • Who is affected?
      • What needs to be done?
      • What applies to Digital Services?
    • From ITSiG 2.0 to ITSiG 3.0 – what does the legislator plan?
    • KRITIS umbrella law
  • Products
    • Cyber Resilience Act
    • Cyber Security Act
    • Cyber security in product regulation
      • Product liability directive – what changes?
      • Product safety directive – everything as before?
      • Machinery directive – this too!
  • Criminal liability of hack-back and lessons of the day
  • 18:30 Joint dinner


Day 2: Application scenarios and case studies

  • 09:00 Tooling for risk management: DriveLock in practice
  • How do I develop my cyber governance?
    • Case studies
      • Case study 1: Cyber incident and crisis management
      • Case study 2: Management liability
    • Practical conclusions / action recommendations
  • Plenary – initial results
  • What do I change in vendor management?
    • Case studies
      • Case study 3: IT procurement and auditing
      • Case study 4: Contractual liability coverage and insurance
    • Practical conclusions / action recommendations
  • Plenary – further results
  • Summary
  • Joint lunch / departure

Objectives:

  • Understanding of regulatory changes
  • Determination of corporate action needs
  • Impacts on product management, compliance, and governance structures

Target audience:

  • Board Members and CEOs
  • Decision Makers for Cybersecurity
  • Compliance Officers

Prerequisites:

  • Basic knowledge of IT security law is helpful but not mandatory

Description:

Cyber risks and resilience have now become central topics at the board and executive management level. With NIS2 and the Cyber Resilience Act (CRA), two laws are scheduled for 2024/2025 that will lead to significant changes across the corporate landscape. Our Noon2Noon format brings you up to date, explores application scenarios, and promotes experience exchange at the decision-maker level in a secure environment.

The European NIS2 directive expands the scope of CRITIS and the catalog of obligations that critical infrastructure operators must meet for effective risk management. The IT Security Act will be adjusted by October 2024. The new obligations apply directly to critical infrastructure operators, who will accordingly involve their suppliers. Providers of digital services are also increasingly in the focus of regulation. The CRA extends cyber regulation to the product level. As early as 2027, products with digital elements may be required to offer security by design and vulnerability management throughout the entire lifecycle.

  • What is new and what must companies prepare for in a short time?
  • What additional cyber requirements arise from new rules on product liability, product safety, and the Machinery Regulation?


In our PREMIUM workshop "SC170 NIS2, ITSiG, CRA - What must we prepare for in cybersecurity and regulation?", we discuss the new developments with you in an interactive format, determine action needs in concrete case studies, and enable experience exchange with experts and decision-makers.

Other Info:

Course Instructor: Dr. Alexander Duisberg
The workshop is conducted by Dr. Alexander Duisberg. He is a partner and head of the Digital Economy practice for Ashurst in Germany. Additionally, he specializes in digital transformation projects, IT and data-driven business models, transactional data protection, cybersecurity, AI, IoT, and Industry 4.0. Furthermore, he participates in various government committees to help shape the legal framework of the future. This makes him well-connected and informed about the latest developments.

Guaranteed implementation:

from 6 Attendees

Booking information

Price:

850,00 € plus VAT.

(including lunch & drinks)
