In order to avoid imposing a disproportionate financial and administrative burden on essential and important entities, the cybersecurity risk-management measures should be proportionate to the risks posed to the network and information system concerned, taking into account the state-of-the-art of such measures, and, where applicable, relevant European and international standards, as well as the cost for their implementation.
NIS2 Recital EN
Recital 81
Related across sources
News CNIL (France) - SAN-2025-015 Guidance Guidelines 1/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016/679 Guidance Guidelines 02/2022 on the application of Article 60 GDPR Guidance Guidelines 8/2020 on the targeting of social media users Guidance Guidelines 03/2021 on the application of Article 65(1)(a) GDPR News Complaint: Amazon doesnโt allow baseline TLS security