ON
← Back to feed
Cybersecurity comes to the boardrooms: authority: strategic decisions cannot be delegated
Italy🏛️ PoliticsCenter15 hr. ago

Cybersecurity comes to the boardrooms: authority: strategic decisions cannot be delegated

The National Cybersecurity Agency has updated its FAQs regarding the NIS 2 directive, clarifying that corporate boards of administration are responsible for approving strategic cybersecurity decisions, while operational implementation can be delegated to technical structures. Under the updated guidelines, companies must ensure that strategic decisions—such as defining security policies and planning—are made by the board or equivalent governing body. Operational tasks like creating procedures, instructions, and manuals remain under the responsibility of technical teams, which can update these documents independently without requiring board approval each time. Companies have flexibility in organizing their documentation, either through a single unified document or multiple coordinated acts, as long as there is a coherent system distinguishing strategic decisions from technical execution. Additionally, updates to technical and organizational documents do not automatically require reapproval by the board.

How each side covered it

The same event, grouped by the political lean of the outlets covering it.

How each side covered it

Support independent, bias-aware news and unlock the social pulse, community voting, and your personalized For You feed.

Become a Supporter

Covered around the world

The same event as reported in other countries.

Covered around the world

Support independent, bias-aware news and unlock the social pulse, community voting, and your personalized For You feed.

Become a Supporter

Claims check

Key factual claims, and how many sources assert vs dispute each.

Claims check

Support independent, bias-aware news and unlock the social pulse, community voting, and your personalized For You feed.

Become a Supporter

1 reports

Il Sole 24 Ore logoIl Sole 24 OreParty-aligned🔒Center15 hr. ago
Cybersecurity comes to the boardrooms: authority: strategic decisions cannot be delegated

The National Cybersecurity Agency has updated its FAQs regarding the NIS 2 directive, clarifying that corporate boards of administration are responsible for approving strategic cybersecurity decisions, while operational implementation can be delegated to technical structures. Under the updated guidelines, companies must ensure that strategic decisions—such as defining security policies and planning—are made by the board or equivalent governing body. Operational tasks like creating procedures, instructions, and manuals remain under the responsibility of technical teams, which can update these documents independently without requiring board approval each time. Companies have flexibility in organizing their documentation, either through a single unified document or multiple coordinated acts, as long as there is a coherent system distinguishing strategic decisions from technical execution. Additionally, updates to technical and organizational documents do not automatically require reapproval by the board.

Bias read (Center): The article provides a neutral explanation of updated regulatory requirements related to cybersecurity governance within corporations. It does not take a stance on the regulation itself, nor does it favor any particular political perspective. The content focuses strictly on clarifying legal and行政职责,

Keep the news honest.

ObjectiveNews is reader-funded and ad-free — we show you the bias instead of hiding it. Support independent journalism for €5/month.

Become a Supporter

Related stories