NIS2 Directive implementation in Lithuania

The Network and Information Security Directive (NIS2), officially transposed into Lithuanian law via the amended Cybersecurity Law on October 18, 2024, establishes enhanced cybersecurity requirements across the EU. On November 6, 2024, the Government of Lithuania approved detailed implementing measures, including national cybersecurity requirements, a cybersecurity incident response plan, and sector-specific rules.

Legal experts of ECOVIS ProventusLaw specialize in regulatory compliance with TIS2 (NIS2), DORA, GDPR, the Artificial Intelligence Act, and the Digital Services Act, helping businesses manage legal risks and meet evolving cybersecurity requirements.

Depending on your company’s specific needs, we provide a range of service packages – from basic compliance assessments to comprehensive legal and cybersecurity support.

As with the General Data Protection Regulation (GDPR), NIS2 is based on the principle of accountability. This means that organisations themselves are responsible for:

• Determining whether NIS2 applies to them based on size, sector, and service criticality
• Assessing their technical and organisational cybersecurity maturity
• Implementing appropriate risk management measures to prevent incidents
• Ensuring rapid and effective response if incidents occur.

We advise organisations which are directly affected by NIS2 regulation operating in:

• Essential sectors such as energy, transport, banking, financial market infrastructure, healthcare, drinking water and wastewater management, digital infrastructure, ICT service management, public administration, and space;
• Other important sectors including postal and courier services, waste management, production and distribution of chemicals, food production, processing and distribution, digital services, and scientific research.

Considering your company’s specific needs, we offer different service packages – from basic compliance assessment to comprehensive legal and cybersecurity assurance.

NIS2 READY

• Analysis and compliance assessment
• Review of internal policies, contracts and processes and assessment of compliance with NIS2 requirements, gap analysis and provision of an action plan with recommendations

NIS2 COMPLIANCE

• Comprehensive legal audit
• Preparation of policies and procedures according to NIS2 requirements
• Employee training program
• Incident management strategy

NIS2 GUARD

• Preparation for audits and inspections
• Internal audit (must be performed at least every 3 years)

Accountability Principle and Self-Assessment Obligation

ECOVIS ProventusLaw also offers a free, user-friendly NIS2 self-assessment tool designed to help organisations evaluate their alignment with the Cybersecurity Act and the Lithuanian Government’s NIS2 implementation requirements.

The tool features structured questionnaires covering key NIS2 areas. Results can be exported in PDF format for internal use or expert review upon completion. The tool is structured according to the legal provisions and supports organisations in building a roadmap toward full conformity.

Check out our NIS2 self-assessment tool here: https://tis2.ecovis.lt/

Upon your request, the ECOVIS ProventusLaw team can perform your compliance analysis, identify gaps, provide you with a plan of further action along with our recommendations, and help you implement the above requirements.

If you need assistance, don’t hesitate to contact our partner, cybersecurity law and data protection expert Loreta Andziulyte.