NIS2 represents the most significant expansion of cybersecurity regulation in the EU - but for many organizations, the path from directive to implementation is anything but clear. In this session, experts from the Community of Madrid's Cybersecurity Agency discuss the structural, economic and governance challenges shaping NIS2 compliance across member states. With Spain's transposition still pending and thousands of newly obligated entities uncertain of their status, the session cuts through the ambiguity to offer a grounded assessment of what organizations need to address now.

The session will explore:

• Why NIS2 is fundamentally a governance challenge and not a technical one;
• The structural risks of Spain's centralized transposition model, including jurisdictional overlap, entity identification gaps and the challenge of extending obligations throughout the supply chain;
• The economic reality facing obligated entities, with implementation costs estimated in the billions and supervision frameworks still undefined for thousands of newly in-scope organizations.