Enhancing EU Cybersecurity: Legal provisions under NIS II and Greek Law 5160/2024
(article by Maria Katsioti, Associate and Andreas Papastathis – Junior Partner published on Lexology, February 11, 2025)
The NIS II Directive (EU) 2022/2555, aimed at strengthening cyber security across the EU, has been transposed into Greek law through Law 5160/2024, which took effect on November 27, 2024. This law expands its scope to cover more sectors, enhances supervision, and reinforces cross-border collaboration.
Key provisions include:
- Obligations for Entities: Essential and important entities in critical sectors must implement cybersecurity risk management measures, designate an Information Systems Security Officer (ISSO), and follow structured incident reporting procedures within specific deadlines. Non-compliance may result in significant fines.
- National Cybersecurity Authority (NCA): The NCA supervises compliance, imposes enforcement measures, and coordinates cybersecurity efforts at both national and EU levels.
- EU and Regulatory Alignment: The law distinguishes between NIS II, the GDPR (which focuses on personal data security), and the DORA Regulation, which applies specifically to financial entities.
Greek Law 5160/2024 strengthens Greece’s cybersecurity landscape while aligning with EU-wide regulations. Entities must ensure compliance before key deadlines in 2025.
Read the full article here:
in pdf and in this link
