The Spanish draft law transposing NIS2 is still in parliament in 2026, but the directive's technical obligations have applied since October 2024. Practical map: the ten minimum security measures, the 24-hour, 72-hour and one-month incident notification window, and the new supply-chain security obligations.
LLM red teaming has gone from an esoteric activity to a mandatory practice. With the OWASP Agentic Top 10 and the CSA Agentic AI Red Teaming Guide converging on shared vocabulary, this is the operational playbook any team deploying agents needs to have.
NIS2 entered force on 17 October 2024. Six months later, companies are in the trenches. I cover what has actually changed in operational security, what was paper theater, and where the directive still bites.
Cuando un LLM pasa de contestar texto a ejecutar herramientas, la superficie de ataque cambia de categoría. La inyección de prompts, la contaminación de memoria y el abuso de protocolos entre agentes son el nuevo OWASP Top 10.
The NIS2 directive entered into force on October 17, 2024, but by mid-2026 only part of the member states have fully transposed it: Germany and the Netherlands closed their law, Spain and France remain in process under pressure from Brussels. Here is what already applies and how to prepare without panic.
In 2023, software supply chains became attackers' favourite target: MOVEit exposed data from hundreds of organisations through a zero-day flaw, 3CX shipped a trojanised installer to millions of users, and npm and PyPI kept receiving malicious typosquatted packages. The practical defence combines SBOM, artefact signing with Sigstore, SLSA maturity levels, and continuous dependency scanning.
The NIS2 Directive expands European cybersecurity from 7 to 18 sectors, mandates 10 minimum technical measures and 24-hour incident notification, and imposes fines of up to 10 million euros or 2% of global turnover, with personal liability for management bodies that fail to comply.
The CIO role has been under growing pressure for years. Automation cuts the operational load, merging with the CDO and CTO creates ambiguity over who leads what, and digital transformation demands skills that were not previously required. The CIO who evolves remains indispensable; the one who does not gets left behind.
Adversarial machine learning studies deliberate attacks on AI systems (evasion, poisoning and model extraction) and the defenses used to resist them, chiefly adversarial training, robustness certification and monitoring the distribution of production input data.
Cybersecurity combines technical controls (encryption, MFA, network segmentation), team training and an incident response plan to reduce the risk of ransomware, phishing, malware and identity theft. No single measure is enough: effectiveness depends on applying every layer at once and auditing the system regularly.
4 min2124.4
We use first- and third-party cookies to analyze site traffic. You can accept them, reject them, or configure your choice.
Learn more about cookies
Cookie preferences
NecessaryEssential for the site to work. Always on.
AnalyticsHelp us understand how the site is used (Google Analytics).