ECSO’s Risk Management Policies Implementation Workstream is launching a collaborative initiative to conduct a Transnational Risk Analysis Exercise for a fictional multinational company operating across Europe subject to the NIS2 Directive.
Join the webinar to receive a detailed description of the initiative, learn about its objectives and value proposition, and get clear instructions on how to collaborate. You’ll also have the opportunity to engage in discussions and help shape the initiative’s direction. Following the Webinar, we’ll open a call for expressions of interest for ECSO member organisations who wish to actively contribute to this work. Volunteer contributors will collectively develop a risk analysis for a fictional mid-sized multinational enterprise operating across Europe in the critical infrastructure sector.
Why Join This Initiative?
Tackle real implementation challenges – Work through NIS2 complex transnational risk analysis requirements in a practical, hands-on exercise
Shape industry guidance – Directly influence the development of actionable methodologies
Establish thought leadership – Position yourself and your organization as pioneers in NIS2 implementation
Agenda
Moderated by Ali Mabrouk (CEO, SAMA PARTNERS), Mariano J. Benito (Cybersecurity & Privacy Ambassador, GMV) and Sebastijan Čutura (Senior Manager for Industry Cybersecurity, ECSO)
14:30–14:35 | Welcome and Introductions (5 min)
14:35–14:45 | Context and Problem Statement (10 min)
14:45–14:55 | Initiative Goals and Expected Outcomes (10 min)
14:55–15:10 | Description of a Fictional Company (15 min)
15:10–15:20 | How to Contribute? (10 min)
15:25–15:30 | Q&A and Open Discussion (10 min)
Context
The NIS2 Directive mandates all-hazards risk analysis, including supply chain considerations. This requirement presents challenges for companies operating across multiple EU member states, particularly given the varying interpretations and requirements in national transposition laws.
This initiative will explore how companies can effectively meet these obligations. Volunteer contributors will develop a fictional transnational EU company with facilities and suppliers distributed across several member states, then conduct a risk assessment exercise to address key questions:
- Is cross-national, all-hazards risk analysis feasible in practice?
- Can companies develop such analyses within reasonable timeframes?
- Are the results actionable for risk treatment decisions?
- Which methodologies prove most effective for producing usable global risk analyses?
- Which scenarios or national frameworks present particular implementation challenges or conflicts?
- Are there practical workarounds for conflicting requirements?
The ultimate objective is to develop a group-wide, NIS2-compliant, interoperable risk management methodology. This will require harmonising methodologies, tools, and outputs across the fictional organization. The resulting case study will provide hands-on guidance for companies subject to the NIS2 Directive.