Abstract
The article presents an analysis of key regulatory changes regarding network and information systems security arising from the implementation of the NIS2 Directive, the DORA regulation, and other legal acts such as the National Cybersecurity System Act. It discusses the most important regulatory changes, including technical, operational, and organizational requirements that the affected entities must meet. The article outlines the obligations of these entities, the penalties for non-compliance, and the supervisory authorities’ powers as regards monitoring and enforcing the rules. Special attention has been given to DORA requirements for financial market entities and their impact on ICT risk management. The author also reviews the steps organizations should take to comply with the new requirements.