Strategic Guidance & Tools for the cybersecurity regulations reshaping Europe

πŸ“’ Attention! To all Financial Institutions and Critical Infrastructure Operators: This summer, build your DORA & NIS2 compliance with Nextgen Software.

What you’ll find in this hub:

πŸ‘‰ Educational videos, starting with: β€œDORA & NIS2 – What they mean for your company”

πŸ‘‰ Legislative resources: NIS2 Directive (EU). Romanian legislation – Law 124/ 2025

πŸ‘‰ Implementation updates, timelines and best practices

πŸ‘‰ Client success journeys and practical use cases

Why it matters now? Compliance is no longer optional β€” it’s a strategic and legal imperative.

πŸ‘‰ DORA applies to banks, insurers, asset managers, crypto platforms.

πŸ‘‰ NIS2 targets essential & important entities in energy, transport, public services, digital infra, transportation & logistic and beyond.

Failure to comply means real consequences: fines, restrictions, reputational loss.

🚨New Cybersecurity Law enforced in Romania!

As of July 7th, 2025, Law no. 124/2025 is officially in force, approving and amending Government Emergency Ordinance no. 155/2024 on the cybersecurity framework for networks and information systems in the national civil cyberspace.

Key updates impacting essential and important entities:

πŸ‘‰ Mandatory cybersecurity training for executive leadership, through accredited programs.

πŸ‘‰ Designation of a cybersecurity officer within 30 days after notification by DNSC.

πŸ‘‰ Ongoing training for all staff to ensure consistent awareness and cyber risk management capabilities.

πŸ‘‰ Incident and vulnerability reporting obligations

πŸ‘‰ Stronger national governance and inter-institutional cooperation.

Heavy fines:

πŸ‘‰ up to €10 millions or 2% for essential entities.

πŸ‘‰ up to € 7 millions or 1.4% for important entities.

πŸ‘‰ New contraventions are introduced (e.g. failure to provide supporting documents or comply with remediation plans) and penalties are now clearly differentiated based on entity type.

Sector coverage expanded

πŸ‘‰ Health: now includes pharma, labs, research, distribution

πŸ‘‰ Digital infrastructure: covers IXPs, CDNs, DNS, cloud providers, trust services

πŸ‘‰ Food sector: renamed to include production, processing, distribution.

The new legal framework strengthens national cyber resilience and aligns Romania with the NIS2 Directive requirements.

For organizations under scope, this marks the beginning of a new compliance and operational era.