NIS2, DORA and ISO 27001 are reshaping cybersecurity obligations across Europe. Understand what applies to your organisation — and how a Finnovia Rating helps you demonstrate compliance.

The EU's Network and Information Security Directive applies to thousands of organisations across 18 sectors. Mandatory for essential and important entities — with penalties up to €10M or 2% of global turnover.
The Digital Operational Resilience Act applies to all financial entities and their ICT providers operating in the EU. Full enforcement from January 2025.
The international standard for information security management. Increasingly required by enterprise clients and procurement teams as proof of cybersecurity maturity.


NIS2 enforcement began October 2024. DORA became fully applicable January 2025. ISO 27001 audits are already required by major procurement teams.
Regulators and procurement teams increasingly require independent, auditable proof of compliance — not just internal assessments.


NIS2 penalties reach €10M or 2% of global turnover. DORA penalties vary by member state but include operational restrictions and public disclosure.
A Finnovia Rating gives your organisation an independent, analyst-validated credential — recognised across Europe and built on a transparent methodology.