Event

NIS2 for OT: From Regulation to Industry Practice

NIS2 brings new demands for OT environments. This is your chance to understand what’s required – and how others are responding.

The NIS2 directive is here – and the implications for OT environments are real.
As the energy sector takes the lead, the rest of the industry must now follow. But what does NIS2 mean for your OT systems in practice, especially when dealing with aging infrastructures and complex operations?

This one-day conference focuses on turning regulation into action. You’ll hear from experts across sectors – from government to production companies, from system integrators to vendors. Through practical tools, case studies, and lessons learned, we’ll show how to build resilient, future-proof OT systems that meet today’s compliance requirements.

You’ll hear from and meet experts from Dubex, Rambøll, Rockwell, Siemens, and The Danish Emergency Management Agency (Styrelsen for Samfundssikkerhed), – all sharing their perspectives, cases, and hands-on experiences with cybersecurity and NIS2 implementation.

🔍 What to expect:

Insights from cybersecurity leaders and policymakers
Sector-specific cases from energy, manufacturing, and integration
Real-world examples from vendors and end-users
Standards as tools – not just obligations

Walk away with clear direction, practical insights, and concrete examples you can bring back to your own organization.

VOUCHERS

As a benefit for DAU members in the two highest membership fee groups, we have a voucher system, which offers free access to a DAU conference of your choice. If your company is in the membership fee group of 20 to 250 employees, you have one voucher for 2025. If you are in the 251+ employees’ group, you have two vouchers. To use a voucher, you just need to register at least two people from your company at the regular price and send an email to mlar@di.dk informing us that you would like to use a voucher. You will then not be invoiced for one of the conference tickets. If you are unsure whether your company has available vouchers, you are also welcome to send an email to mlar@di.dk for clarification.

🌍 The conference will be conducted in English.

Agenda

June 3

- 09.30-10.15 Check-in and Breakfast
- 10.15-10.30 Welcome and Opening Remarks
- 10.30-11.00 Understanding the Current Cyber Threat Landscape and Introduction to NIS2
  
  By Jacob Herbst, Dubex
  
  When discussing and trying to make sense of NIS2 we quite often end up discussing how to achieve compliance with the rules and regulations forgetting the reason why got NIS2 in the first place. This presentation will dig into the current threat landscape and give an insight into the NIS2 legislation and the cybersecurity requirements.
- 11.00-11.30 NIS2 from a National Perspective – Key Principles and Latest Developments (Presentation in Danish)
  
  By Morten Rosted, Danish Emergency Management Agency (Styrelsen for Samfundssikkerhed)
- 11.30-11.50 Break
- 11.50-12.25 Modernizing Legacy Infrastructure: A Practical Approach to NIS2 and CER Compliance in the Energy Sector
  
  By Rambøll
  
  How do you secure and modernize critical infrastructure built in the 1980s to meet today's cybersecurity demands? In this case study, you'll hear how a major district heating operator is tackling exactly that challenge. With a sprawling operational area and no direct end-user contact, the company must navigate the balance between functionality, regulation (NIS2 and CER), usability, and cost.
  Discover how internal design principles – inspired by NIS2 and CER requirements – are being developed to guide future renovations and expansions. Learn practical steps for immediate security enhancements, including the creation of procedures, implementation of technical measures, and the training of key personnel. Walk away with concrete ideas on how to turn regulation into resilience, ensuring both compliance and operational excellence.
- 12.25-13.00 Meeting NIS2 Demands as a Vendor – Practical Experiences and Customer Expectations
  
  By Stefan Turi, Rockwell
  
  What NIS2-related requirements and expectations do vendors meet from customers, and how are they handled in practice? In this presentation, Rockwell shares experiences from working with industrial clients navigating the directive.
  
  You’ll hear how Rockwell balances technical setups with documentation and compliance, and what it means in day-to-day collaboration with customers. The presentation also reflects on how customer expectations vary, and how Rockwell adapts to these differences.
- 13.00-14.00 Lunch
- 14.00-14.10 OT Under Siege: Mapping the Industrial Cyber Threat Landscape of 2025
  
  By Jeppe Engell, DI Digital
- 14.10-14.40 ISO 27001 standards as a tool
  
  By Niels Gamborg, ISO27001 Certificed Lead Auditor, Siemens
  
  The ISO 27000 series count more the 50 standards supporting the ISO 27001 requirement standard. Many have heard of ISO 27002, but ISO 27003 seems completely unknown to most people – even though it might be the most relevant standard to use if you want to be ISO 27001 compliant or certified. Niels will share his many years of experience as lead auditor, implementer, management consultant and systems manager in build-up, implementation, compliance and certification. What is the do´s and don’ts if you want to use standards as tool for information security. What are the actual requirements, and what are the most common failures to comply.
- 14.40-15.00 Break
- 15.00-15.30 Technical security measurements from a system integrator view - The practical implementation
  
  By Morten Busch, Init Denmark
  
  Morten from INIT Denmark will be presenting real life examples of a technical implementations that was done to mitigate risks and vulnerabilities identified in a customer environment.
- 15.30-16.00 Vendor management (within NIS 2): why you cannot outsource your responsibility
  
  By Anne Duedahl, MDK Advisory
  
  When it comes to NIS 2 compliance, relying on vendors isn't enough—you can outsource services, but not your responsibility. In this talk, we’ll dive into the real risks of assuming your supply chain has everything under control and explore what you can do to strengthen your vendor management processes. During the presentation we will go through practical steps to strengthen oversight, reduce exposure, and stay compliant without drowning in bureaucracy. Expect real-world examples, not just theory—because when regulators come knocking, “Our vendor handles that” won’t cut it.
- 16.00-16.15 Closing Remarks and Key Takeaways

NIS2 for OT: From Regulation to Industry Practice

NIS2 brings new demands for OT environments. This is your chance to understand what’s required – and how others are responding.

VOUCHERS

Agenda

10.30-11.00 Understanding the Current Cyber Threat Landscape and Introduction to NIS2

11.50-12.25 Modernizing Legacy Infrastructure: A Practical Approach to NIS2 and CER Compliance in the Energy Sector

12.25-13.00 Meeting NIS2 Demands as a Vendor – Practical Experiences and Customer Expectations

14.10-14.40 ISO 27001 standards as a tool

15.00-15.30 Technical security measurements from a system integrator view - The practical implementation

15.30-16.00 Vendor management (within NIS 2): why you cannot outsource your responsibility

Contacts

Favorit