NIS 2 - Introduction

This training session provides a comprehensive overview of the NIS2 directive (Network and Information Security Directive 2), the EU's updated framework for cybersecurity across critical sectors. NIS2 expands the scope of the original NIS directive, introducing stricter security requirements, broader sectoral coverage, and enhanced enforcement mechanisms. For support PFS entities and other organisations in Luxembourg's financial ecosystem, NIS2 brings significant compliance obligations around cyber risk management, incident reporting, and supply chain security. Participants will learn the key requirements, implementation timelines, and practical steps to achieve NIS2 compliance.

By the end of this training, participants will be able to:

• understand the scope and applicability of NIS2, including which entities are classified as essential or important;
• identify key NIS2 requirements including cybersecurity risk management, incident reporting, and governance obligations;
• understand NIS2 cybersecurity measures and controls within their organisations;
• understand incident detection, response, and reporting processes compliant with NIS2 timelines;
• manage supply chain and third-party risks in accordance with NIS2 requirements.

• Part 1 - NIS2 overview
• Part 2 - Core NIS2 requirements
• Part 3 - Management responsibility
• Part 4 - Implementation and compliance

This training is coordinated by Thomas Wittische, Managing Director and Arpit Jain, Senior Manager at PwC Luxembourg.

• Thomas Wittische, managing director at PwC, brings over 20 years of expertise in IT advisory, regulatory compliance, and IT audit services for financial sectors, operational companies, and European institutions. He has led IT general control reviews, business continuity audits, security audits, and designed security roadmaps. Certified as ISO22301/ISO22361 Lead Implementer and DRII, Thomas has 18 years of experience in business continuity management, assisting clients with risk identification, BIA analysis, recovery procedures, and crisis communication. He also leads PwC Luxembourg’s crisis management practice, delivering customised crisis simulations and training in emotional stress and cyber scenarios.
• Arpit has over 13 years of experience in providing IT audit and IT advisory services for client across financial services, manufacturing, media and telecommunication sectors. He has been involved in several IT general controls and internal controls over financial reporting review in line with local and international audit frameworks such as ISA , SOX 404, ICFR and JSOX. He has extensively worked on SWIFT CSCF certification assessments for banks and service bureaus. He also has worked on review and preparation of service organisation controls report such as ISAE3402 and ISAE3000.