Staying Ahead of the Curve – Why ENISA’s Latest NIS2 Guidance Matters and How We Keep You Updated

In June 2025, ENISA published its long-awaited Technical Implementation Guidance to support the EU Commission Implementing Regulation (EU) 2024/2690. This document provides practical clarity on the technical and methodological requirements under Article 21(2) of the NIS2 Directive — and it is a game-changer for any organisation serious about NIS2 compliance.

At ICTTF, we’ve already integrated this new guidance into our Certified NIS2 Professional (CN2P) training, and we’re excited to deliver the next cohort starting on 18th September 2025.

Why This New Guidance Is So Important

For many senior leaders, the NIS2 Directive can feel abstract — a series of articles, clauses, and requirements that need interpretation. ENISA’s latest guidance goes a step further. It breaks down what good looks like in practice:

Detailed recommendations on how to implement each control area, from asset management and access control to incident response and business continuity.

Examples of evidence to demonstrate compliance — incredibly useful for audit preparation.

Crosswalks to standards like ISO/IEC 27001:2022, NIST CSF 2.0, and others, allowing for smart integration and alignment.

Sector-specific applicability, especially for digital infrastructure and ICT providers operating across borders.

This is not just more paperwork — it’s a blueprint for action.

Designed for Leaders, Built for Impact

The CN2P course has always targeted professionals who lead — whether in IT, compliance, legal, or the boardroom. This is a course for those who are responsible for the decisions that shape their organisation’s digital resilience. That’s why we offer:

  • Hands-on, scenario-based learning.
  • Short written assignments with direct tutor feedback
  • AI-powered tools to enhance understanding and decision-making.
  • Regular live sessions to engage, question, and learn from peers and experts.

And now, with the ENISA guidance at the heart of our curriculum, you’ll be learning from the very latest benchmark — not outdated notes from last year.

Keeping Our Students Informed — and Prepared

One of the core values of our CN2P course is that it’s not static. We constantly review emerging guidance, regulatory updates, and best practices to ensure our students get the most relevant, practical education possible.

That’s why we’ve already updated our course content to reflect the ENISA guidance — particularly across modules covering:

  • Cybersecurity Governance (Module 3)
  • Risk-Based Cybersecurity Management (Module 4)
  • Implementation of Technical Measures (Module 5)
  • Incident Response and Crisis Communication (Module 7)
  • Internal Audits and Continuous Improvement (Module 10)

These updates are not just pushed into the on-demand materials — we discuss them in live instructor-led sessions to bring them to life with real-world examples, discussion, and application.


NIS2 Professional Seal

Final Thoughts....

The NIS2 Directive is here to stay — and so is the growing pressure on organisations to comply, demonstrate compliance, and continually adapt to an evolving threat and regulatory landscape. While ENISA’s new guidance offers greater clarity on technical implementation, the real challenge lies in knowing how to interpret and apply these requirements in practice — across diverse business environments and jurisdictions.

That’s where the Certified NIS2 Professional (CN2P) course excels.

Our training doesn’t just cover the Directive itself or EU-level guidance — we actively monitor and incorporate the latest legislative developments from each and every Member State as they transpose NIS2 into national law. This ensures our students are equipped with the most up-to-date, country-specific insights alongside pan-European best practices.

If you're responsible for cybersecurity, compliance, or digital operational resilience in your organisation, join us this September and stay informed, prepared, and ahead of the curve.