ISMS Copilot
Ν. 60(Ι)/2025

Ν. 60(Ι)/2025 Copilot

Navigate Cyprus NIS 2 obligations under Ν. 89(Ι)/2020 as amended by Ν. 60(Ι)/2025

Start Free TrialSee it in action

What the Ν. 60(Ι)/2025 Copilot Can Do

Identify whether your entity qualifies as essential or important under the consolidated law

Map your controls to the ten risk-management areas derived from Art. 21(2) of Directive 2022/2555

Understand the 6-hour early warning requirement and how it differs from the Directive

Track the full notification chain: 6-hour, 72-hour, and final report obligations to the DSA

Interpret management-body training and accountability obligations under the amended law

Compare supervisory exposure for essential versus important entities under DSA oversight rules

About Ν. 60(Ι)/2025 Copilot

Ν. 60(Ι)/2025 amends the existing Cypriot NIS framework (Ν. 89(Ι)/2020) to transpose EU Directive 2022/2555, introducing stricter incident reporting timelines, expanded risk management obligations, and direct management-body accountability. The Copilot helps you work through the consolidated law and understand what it requires of your organisation.

Who it's for

NIS 2

Parent EU directive — transposed into Cyprus's national law.

NIS 2 Germany

Sister national transposition of NIS 2.

NIS 2 Belgium

Sister national transposition of NIS 2.

Frequently Asked Questions

What is Ν. 60(Ι)/2025?

Ν. 60(Ι)/2025 is the Cypriot amendment law that transposes EU NIS 2 Directive (2022/2555) by modifying the existing Ν. 89(Ι)/2020; the two laws are read together as a single consolidated text, and Ν. 89(Ι)/2020 is not repealed. The competent supervisory authority in Cyprus is the Digital Security Authority (DSA).

How does the Ν. 60(Ι)/2025 Copilot help?

The Copilot helps you interpret the obligations in the consolidated law — including entity classification, risk management measures, incident notification timelines, and penalty exposure — so your team can make more informed compliance decisions. It does not replace legal advice or formal DSA guidance.

How does Cyprus's incident notification timeline differ from the NIS 2 Directive?

Under the consolidated Ν. 89(Ι)/2020 as amended by Ν. 60(Ι)/2025, the early warning must be submitted to the DSA within 6 hours of becoming aware of a significant incident — stricter than the 24-hour ceiling set by Directive 2022/2555. For ongoing incidents, the law also requires progress reports every 15 days after the 72-hour notification, with a final report due within 15 days of resolution.

Ready to streamline your compliance work?

Built for speed, accuracy, and audit-ready output.

Try ISMS Copilot 2.0