AbejaIT AbejaIT

What Drew 2,500 Live Viewers—and 7,500 More for the Recording?

26.06.2026

An online training on the NIS2 Directive and its impact on Polish companies and institutions attracted over 2,500 live participants, with another 7,500 declaring intent to watch the recording. This proves that regulatory cybersecurity is becoming increasingly urgent for organizations in Poland. If your company has not yet checked whether it falls under NIS2/KSC2 requirements, now is the time.

An online training on the NIS2 Directive and its impact on Polish companies and public institutions attracted over 2,500 live participants. Another 7,500 declared intent to watch the recording. Such strong interest in a single regulatory topic is rare in the IT industry—and shows that cybersecurity is no longer the exclusive domain of SOC specialists.

Why NIS2 Generates So Much Attention

The NIS2 Directive (Network and Information Security Directive 2) expands the catalog of entities subject to cybersecurity obligations. In Poland, implementation runs under the National Cybersecurity System 2.0 Act (KSC2). Organizations that previously did not identify as operators of essential services must now assess whether they fall under new requirements—and if so, implement policies, procedures, and technical measures on a defined timeline.

For IT directors, CISOs, and B2B leadership, this means concrete deadlines, readiness audits, and potential penalties for non-compliance. Lack of regulatory awareness does not exempt from liability—supervisory authorities will assess whether the organization exercised due diligence in risk assessment and security implementation.

Who Falls Under NIS2/KSC2

  • Essential sector – energy, transport, banking, health, water, digital infrastructure.
  • Important sector – postal services, food, manufacturing, waste, chemicals, digital production.
  • Digital service providers – marketplaces, search engines, cloud platforms, data centers.
  • Supply chain – subcontractors of essential operators may also be subject to requirements.

What Organizations Should Do Now

The first step is a qualification audit: whether the company or its client/supplier qualifies as an essential or important entity. Next, conduct a cybersecurity risk assessment, identify gaps in policies and infrastructure, and prepare a remediation plan with priorities and budget.

Implementation requires cooperation between IT, legal, compliance, and leadership. Organizations often use external partners offering IT infrastructure services and support in designing NIS2-compliant architecture—from network segmentation, through backup and disaster recovery, to monitoring and incident response.

Timeline and Consequences

KSC2 implementation deadlines in Poland are phased, but delays in preparation can result in unreadiness when regulations take effect. Supervisory authorities will verify risk management policies, incident reporting procedures, business continuity plans, and employee training.

Penalties for non-compliance can reach millions of zloty or a percentage of turnover—depending on national regulations and breach scale. For many B2B companies, the cost of implementing security is significantly lower than a potential fine and loss of contracts with compliance-demanding clients.

Training and Organizational Awareness

The popularity of NIS2 training shows the market seeks practical knowledge, not just dry regulations. Effective preparation requires workshops for leadership, technical training for IT teams, and operational procedures for the entire organization. Regulatory cybersecurity is not a one-time project—it is an ongoing process of adapting policies to a changing threat landscape.

Companies that already implemented ISO 27001 or NIST CSF have a solid base for mapping NIS2 requirements. Those just starting should prioritize: MFA, backup, monitoring, incident response plans, and process documentation. A technology partner can conduct gap analysis and propose an implementation roadmap tailored to budget and organization scale.

If your company has not yet checked its KSC2 qualification status, now is the time. Thousands of training participants signal that competition is already preparing—and regulators will expect the same from every entity covered by the directive. Contact IT infrastructure experts to assess organizational readiness and avoid costly regulatory surprises.

Mapping Requirements to Infrastructure

NIS2 requirements translate into concrete technical decisions: critical system redundancy, data encryption, production environment access control, penetration testing, and external audits. Organizations should create a matrix mapping each regulatory requirement to existing controls, gaps, and remediation plans with owners and deadlines.

For companies acting as subcontractors to larger operators, compliance becomes a condition for maintaining contracts. Clients increasingly require NIS2 compliance evidence in tender processes and due diligence. Preparing documentation—policies, procedures, test reports—before the first client audit saves weeks of firefighting and strengthens B2B negotiation position.

Leadership Role in NIS2 Compliance

The NIS2 Directive requires active leadership engagement—management must approve cybersecurity policies, oversee protective measure implementation, and bear responsibility for non-compliance. Training leadership in business language, not technical jargon, facilitates budget allocation and remediation project prioritization before regulations take effect.

Organizations should appoint a NIS2 compliance owner with decision-making mandate and direct reporting to CIO or CEO. Scattered responsibility between IT, legal, and compliance without a clear leader is the most common cause of delays in implementing required controls and audit documentation.

Source: Sekurak