
    NIS2 Training for Management Boards

    The training enables management boards to understand the requirements imposed by the National Cybersecurity System Act (KSC) and practical ways to implement them. This knowledge supports informed decision-making regarding cybersecurity investments.
    In addition, through regular training, boards can stay up to date with the latest trends and methods used by cybercriminals, allowing for faster and more effective responses to new threats.

     

    NIS2 Directive: Management Responsibilities | Closed Training

    Although the formal implementation of NIS2 in Poland is still delayed and legislative work continues, one thing is clear – organizations cannot afford to wait. The new regulations introduce specific security obligations, including for company boards. That’s why it is worth preparing your team and leadership now to avoid costly mistakes and gain an advantage in cyber resilience.

    Our training was created with this purpose in mind – to explain, in a simple and accessible way, how to protect data and systems in compliance with NIS2. And although it is conducted by an experienced legal advisor, there will be no legal jargon or complex schemes. We focus on practical solutions and clear examples that show what really works in everyday operations. This way, participants will not only learn the requirements but also discover how to apply them effectively.

     

    Benefits for Participants

    • Understanding NIS2 and KSC requirements – Practical insights into the current legal landscape and compliance obligations, enabling informed decisions in the area of security.
    • Awareness of risks and threats – Real-life examples and cost analyses help participants understand the impact of cyber incidents and how to prevent them.
    • Practical implementation guidance – Step-by-step instructions for implementing an Information Security Management System (ISMS) and preparing mandatory documentation.
    • Integration of regulations – Learn how to align NIS2 compliance with other regulations (DORA, GDPR, AML) to avoid duplicated processes and costs.
    • Clear accountability – Management will understand their legal obligations and the consequences of non-compliance, reducing the risk of personal liability.
    • Ready-to-use incident response procedures – Gain knowledge of proper incident handling and reporting through case studies and best practices.

     

    Benefits for Organizations

    • Regulatory compliance and avoidance of penalties – Learn how to meet the requirements of NIS2, KSC amendments, and sector-specific regulations, minimizing financial and legal risks.
    • Improved risk management – Reduce the likelihood of operational disruptions, financial losses, and reputational damage.
    • Cost optimization – Integrating NIS2 compliance with other legal requirements helps eliminate redundant processes and investments.
    • Enhanced cyber resilience – Build internal structures and procedures to effectively respond to incidents and prevent system downtime.
    • Informed and accountable leadership – Boards and decision-makers will be equipped to make strategic and operational decisions in line with legal obligations.
    • Stronger security culture – Build awareness among key personnel, resulting in better decisions and more effective IT system protection.

    Who Should Attend?

    • Members of management boards of organizations subject to NIS2 and KSC
    • Decision-makers in affected organizations
    • Members of boards of companies within the supply chain of essential or important entities

    Agenda

    1. Cybersecurity Risk – requirements, threats, and costs for organizations
    2. NIS2 Directive and KSC Amendment in Poland – current status, legislative goals, key areas
    3. How to align NIS2 implementation with other legal frameworks (DORA, GDPR, AML/CFT, sector-specific requirements)
    4. List of essential and important entities
    5. Implementing an Information Security Management System (ISMS) – requirements, structure, organizational and technological challenges
    6. Security documentation – format, provisions, accountability, storage
    7. Incident response actions
    8. Internal structures responsible for cybersecurity
    9. Audit requirements
    10. Management board accountability
    11. Case study
    12. Q&A session

     

    Format and Duration

    • Duration: 4 hours
    • Format: Online or in-person
    • The training can also be delivered in Polish or in English

    Trainer

    Tomasz Klemt | Legal Counsel, Klemt Law Firm
    A legal advisor with many years of experience in the financial, manufacturing, and new technology sectors. His experience includes roles at the Financial Supervision Authority, the European Parliament, the Provincial Administrative Court, and top Warsaw law firms recognized in rankings such as The Legal 500, Chambers and Partners, and Rzeczpospolita Law Firm Rankings.

     

    About the NIS2 Directive in Poland

    The NIS2 Directive (Directive (EU) 2022/2555 of the European Parliament and Council of December 14, 2022, on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148; OJ L 333, 27.12.2022, p. 80) obliges Member States to establish unified cybersecurity standards.

    Although the deadline for implementing the NIS2 Directive passed on October 17, 2024, Poland’s legislative process is still ongoing. On February 12, 2025, the fifth draft of the amendment to the National Cybersecurity System Act (KSC) was published, and in May 2025, the European Commission issued a reasoned opinion to Poland due to delays in adopting the new provisions. The European Commission gave Poland two months to respond and take the necessary measures. Otherwise, the EC may decide to refer the matter to the Court of Justice of the European Union.

    We can therefore expect a significant acceleration of the legislative process. This means that, when planning activities and budgets for 2026, organizations should already familiarize themselves with the obligations and challenges posed by NIS2. This is particularly important for management boards, as in addition to making strategic decisions regarding NIS2 implementation, board members are required to undergo regular training.

    Contact us

    Do not hesitate to ask for more info about this course.

    Category

    See also

    Technology : Cybersecurity

    Level : Management

    Type : On site/Online
    Grandmetric