The NIS2 Directive is reshaping Europe’s cybersecurity landscape. With the transposition deadline past and enforcement approaching, travel companies must act now to prepare.

Speaker:  Alexander Norell Global Security Architect, VikingCloud

• NIS2 Overview – what it is and why it matters for the travel sector.
• Who Needs to Comply – essential vs. important entities, thresholds for size, revenue, and scope.
• Obligations & Risks – risk management, business continuity, supply-chain security, incident reporting, accountability.
• Enforcement & Penalties – up to €10M or 2% turnover for essential entities and €7M or 1.4% for important entities.
• Travel Industry Risk Profile – booking engines, payment systems, APIs, public contracts, aggregators.
• Comparisons – how NIS2 aligns with GDPR, PCI DSS, and what travel businesses should prioritize.
• Next Steps – classify your org, run a gap analysis, implement baseline cybersecurity risk mgmt.

• NIS2 compliance is mandatory, not optional.
• Travel platforms, agencies, and providers with digital/critical integrations are firmly in scope.
• Leadership accountability is central—executives may be held personally liable.
• Incident reporting is time-bound: 24h early warning, 72h initial, 1m final report.

4 November 2025 • 10:00 a.m. CET