Ensure compliance with laws and regulations

NIS2 – Law on cybersecurity risk management

How has your organization prepared for the requirements set by the European Union-wide NIS2 Directive? The Law on Cybersecurity Risk Management will come into force in Finland in October 2024.

NIS2 in a nutshell

What is is all about?

NIS2 is an extension of the previous NIS Directive which will be implemented in Finland as the Law on Cybersecurity Risk Management, coming into effect on 18th October 2024. The Directive encompasses a broader range of sectors considered critical for society than before, such as health and social services, energy, and manufacturing. This legislation aims to improve the cyber resilience of EU member states by allocating responsibility for cyber risk management to the leadership of organizations, as well as imposing requirements for measures to enhance cyber security.

What obligations does it impose?

The new legislation expands the obligations of critical operators to include, among other things, the supply chain, meaning your organization may be subject to requirements even if you do not belong to a sector classified as critical. The upcoming law mandates entities to report security incidents more broadly and promptly than before. Additionally, the law imposes significant penalties for failing to comply with obligations and grants supervisory authorities broader powers to enforce the law.

Does your organization need support to meet the requirements of the law?


NIS2 service

What's included in our service?

We help ensure your organization’s compliance with the law by October 18, 2024, through the following means:

  • Creating a mutual understanding of the upcoming law’s requirements for your operations
  • An assessment of the changes needed in your activities
  • A prioritized action plan to meet the requirements
  • Implementing the change within the organization, support for change management, and measuring the change

Why Gofore?

  • Finland’s largest expert in change management
  • A member of FISC and part of the working group preparing the organization’s recommendation on the subject.
  • We can measure the readiness of your organization and supply chain to meet the NIS2 requirements. We use Gofore’s own Celkee Insight tool for measuring change.

More information

Read this as well

Read the blog by Markus Asikainen, our Director of Cybersecurity Business, on the subject. The NIS2 Directive and the upcoming Law on Cybersecurity Risk Management – what are they all about?

Contact us

Markus Asikainen

Head of Business, Cyber Security


+358 50 4328 322

Back to top