Compliance

What is data sovereignty and why does it matter?

Data sovereignty used to sound like a public-sector discussion. It now shows up in board meetings, procurement requirements, and risk registers across regulated industries. The reason is straightforward: dependency risk is no longer theoretical. When an organisation relies heavily on one ecosystem for identity, email, documents, and daily workflows, it also inherits the impact if that ecosystem becomes constrained—commercially, operationally, or legally.
Two recent developments show the direction of travel. The European Commission is reported to be trialling a “sovereign” backup option for internal communications based on the open-source Matrix protocol. In the Netherlands, the Algemene Rekenkamer stated that it wants to move away from Microsoft cloud services, while acknowledging that such a move takes time.

Understanding the Shared Responsibility Model in Microsoft 365

In today’s digital landscape, where cyber threats like ransomware are escalating, organizations relying on Microsoft 365 must grasp the shared responsibility model. This framework outlines the division of duties between Microsoft and the customer, ensuring clarity on who handles what to maintain security and continuity. For EU-based businesses, this is particularly critical amid regulations like NIS2 and GDPR, which demand provable data protection and recovery capabilities.

Privacy-by-Design in AI Governance for NIS2 Compliance

As EU organizations increasingly rely on AI for operational efficiency, the intersection of cybersecurity regulations and technology adoption has never been more critical. The NIS2 Directive, now fully in effect, expands cybersecurity obligations to a broader range of essential and important entities, emphasizing proactive risk management that directly impacts AI deployments. This means embedding NIS2 AI privacy design principles from the outset to safeguard data and systems against sophisticated threats.

Assessing the Financial Impacts of Data Downtime: A Practical Guide to Cost Calculation

Data downtime is no longer just an IT issue — it has become a direct threat to the balance sheet. Recent industry reports show that unplanned outages cost organisations hundreds of thousands of euros per hour on average, with critical sectors regularly facing figures above one million euros per hour of disruption. With NIS2 now fully enforceable and cyber insurance renewals demanding hard evidence of recoverability, leadership teams must be able to put a realistic euro amount on the cost of an outage.

Aligning Backup Strategies with NIS2 Directive Requirements

As NIS2 transposition continues across EU member states, organizations face increasing pressure to verify their compliance by late 2025. This directive expands on the original NIS framework, emphasizing robust cybersecurity measures for essential and important entities. With audits zeroing in on recovery capabilities, it’s crucial to address NIS2 backup compliance now, especially amid escalating cyber threats like ransomware that can cripple operations.
