Question 1

Can Irish directors be personally liable under NIS2?

Accepted Answer

Yes. Under Head 43 of Ireland's General Scheme of the National Cyber Security Bill, where a corporate infringement is committed with the consent, connivance, or wilful neglect of a director, manager, secretary, or officer, that individual may be held personally liable. Head 28 also provides for personal liability where gross negligence is found following a cybersecurity incident.

Question 2

What are the maximum NIS2 fines for Irish businesses?

Accepted Answer

Essential entities face fines of up to €10 million or 2% of worldwide annual turnover (whichever is higher). Important entities face fines of up to €7 million or 1.4% of worldwide annual turnover. These are set out in Head 41 of Ireland's General Scheme.

Question 3

Can a director be banned from serving on a board under NIS2?

Accepted Answer

Yes. NIS2 Article 32(5)(b) allows competent authorities to request a temporary ban on any natural person responsible for management duties at CEO or legal representative level in an Essential Entity that has persistently failed to comply.

Question 4

What is the CyFUN framework and does it help with NIS2 compliance?

Accepted Answer

CyFUN (Cyber Fundamentals) is the NCSC Ireland's recommended cybersecurity framework. The NCSC has publicly stated that CyFUN is 'the preferred method to demonstrate NIS2 compliance.' Adopting CyFUN provides structured evidence of due diligence that can mitigate personal liability risk.

NIS2 Board Liability Simulator

Based on official sources

Cookie Preferences