Cybersecurity consulting and audit firm based in Paris, France; specializes in penetration testing ('tests d'intrusion') with a focus on cybersecurity assessments and audits.
NIS2 Directive Overview
Origin and Background
The NIS2 Directive (Network and Information Security Directive 2) was created by the European Union and adopted in January 2023, replacing the original NIS Directive from 2016. The European Parliament and Council developed this legislation to address the growing cybersecurity threats across member states and to create a more uniform approach to cybersecurity requirements. It was implemented because the original directive had inconsistent application across EU countries and didn't adequately cover the expanding digital landscape and supply chain vulnerabilities that emerged in recent years.
Industry Importance and Value
NIS2 is significant because it establishes mandatory cybersecurity requirements for approximately 160,000 organizations across essential and important sectors in the EU, including energy, healthcare, banking, digital infrastructure, and public administration. The directive is valued for creating harmonized cybersecurity standards across Europe, improving incident reporting mechanisms, and holding senior management directly accountable for compliance. For organizations doing business in or with the EU, NIS2 compliance has become essential—not only to avoid substantial penalties (up to €10 million or 2% of global turnover) but also to demonstrate robust cybersecurity practices to partners and customers in an increasingly interconnected global market.
DORA (Digital Operational Resilience Act)
DORA is a regulatory framework created by the European Union that entered into force in January 2023, with full application required by January 2025. Developed by the European Commission, the European Parliament, and the Council of the European Union, DORA was established to strengthen the digital operational resilience of financial entities across the EU. The regulation emerged from growing concerns about cyber threats, ICT disruptions, and third-party dependencies that could destabilize the financial sector, particularly following increased digitalization and cloud adoption in financial services.
DORA is highly valued in the penetration testing and cybersecurity industry because it mandates comprehensive testing requirements for financial institutions, including advanced threat-led penetration testing (TLPT) for critical entities. Penetration testing companies reference DORA compliance as it creates significant demand for their services—financial organizations must conduct regular security testing, vulnerability assessments, and sophisticated red team exercises to meet regulatory obligations. For cybersecurity firms, demonstrating knowledge of DORA requirements and offering DORA-aligned testing services has become a competitive differentiator, as it shows they understand the specific regulatory landscape their financial sector clients must navigate and can deliver testing programs that meet these stringent EU standards.