NIS2 Directive is almost in full swing as EU countries prepare to meet a key milestone on 17 April 2025, when member states will have to establish a list of essential and critical facilities. The regulation, changes in cybersecurity legislation and the requirements it brings raise many questions and concerns about how organisations should implement them. The National Cyber Security Centre under the Ministry of National Defence (NCSC) of Lithuania has a great initiative to facilitate dialogue about NIS2 within the cybersecurity ecosystem in Lithuania, called Cyber breakfast.

Cyber breakfast is a monthly event that can be both attended in person or watched as a broadcast online. The participation in live event is limited due to space limitations and is usually fully booked within a couple of days. Each event covers a different area related to the NIS2 Directive and starts with an introduction on the topic and plans from the NCSC Lithuania, followed by a presentation from an NCSC constituency on how the NIS2 requirements are implemented in their organisation, the challenges they have faced so far and the advice they have for other constituencies. The event usually concludes with a panel discussion comprising the presenters and invited guests from the wider cybersecurity community. Both the audience present at the event and those listening online can suggest questions for the panel.

The value of such events is as follows:

• The regulator engages in an open dialogue with its constituencies and the wider cybersecurity community and hears the concerns first hand
• The existing constituencies and the constituencies to be (the revised list will be available from 17th April) hear the information directly from the regulator and are exposed to the services and resources available to them
• The wider cybersecurity community is involved and can actively participate
• The event is recorded so that it can be shared and reviewed later
• Greater clarity on how to interpret the requirements of the revised Cybersecurity Law