Ángel García-Madrid Velázquez, Head of Resilience Services & Business Continuity Manager at GMV, participated on May 15 in the event “The Voice of Andalusian Industry”, organized by the Industrial Cybersecurity Center (CCI). He delivered a presentation titled, “NIS2: Regulatory and operational challenges in industrial strategy and supply chain management”. His presentation provided a strategic overview of the impact of the new NIS2 directive on industry, particularly in multinational settings and supply chain protection.

Ángel began by outlining the key cybersecurity challenges faced by industry, especially within OT and IoT environments, where adopting sector-specific standards is critical. He emphasized that NIS2 should not be viewed in isolation but as part of a broader European regulatory ecosystem that includes initiatives such as the CER Directive, focusing on the resilience of critical entities; the Cyber Resilience Act (CRA), which introduces the principle of security by design for digital products; as well as RECAPI and the new Industry Law, which strengthen crisis management mechanisms.

A key focus of the discussion was the current status of NIS2 directive transposition at both national and international levels. Ángel stressed significant regulatory discrepancies between countries, posing challenges for multinational companies, and underscored the importance of moving toward a more harmonized and coordinated European framework.

In this context, he proposed a multi-layered compliance strategy that GMV is implementing in diverse industries from a variety of sectors, based on the following pillars:

• Development of a unified control catalog aligned with major international regulations.
• Reuse of existing controls mapped to local NIS2 transpositions.
• Automation of compliance through GRC tools tailored to each country.
• Strengthening corporate and national governance by integrating NIS2 into organizations’ strategic and compliance agendas.
• Designing a robust third-party risk management (TPRM) strategy to secure the supply chain.

Through this participation, GMV reaffirms its commitment to industrial cyber resilience and to providing strategic and technical support to organizations navigating the complex adaptation process to NIS2 and the broader European regulatory framework.