In the April 2025 issue of Netweek (No. 488), a comprehensive feature on RegTech explores the increasing regulatory pressures on businesses in the digital age. Among the voices contributing to this critical discussion is Penny Kontogeorgou, Partner at Zoulovits – Kontogeorgou Law Firm (ZK Law), who sheds light on the legal and operational challenges companies face when navigating the evolving cybersecurity compliance landscape—particularly under the EU’s NIS2 directive.
As digital threats grow in both frequency and sophistication, regulatory frameworks such as NIS2 are raising the bar for cybersecurity compliance across Europe. But while the objectives of these laws are clear—resilience, data protection, and operational continuity—the path to compliance is often riddled with cost burdens and legal uncertainty.
Compliance in the Grey Zone
In her analysis for Netweek, Penny Kontogeorgou emphasizes a critical concern: the expansion of NIS2 to cover a broader set of companies has created a legal grey zone for many businesses.
“Due to the widening scope of obligated entities, some businesses are uncertain whether they fall under NIS2,” she notes. “This includes FinTech startups, logistics companies, and AI service providers, which may operate in sensitive sectors but don’t clearly meet the size or criticality criteria.”
This ambiguity can delay compliance efforts and increase exposure to regulatory penalties, especially for businesses without in-house legal or compliance expertise.
The Financial Strain of Cyber Resilience
Kontogeorgou also highlights the economic pressure NIS2 places on companies. Compliance requires investment in technology upgrades, staff training, external advisors (such as CISOs, DPOs, and risk officers), and regular audits—resources that many SMEs simply cannot afford.
While large enterprises may pass these costs on to consumers or leverage existing infrastructure, smaller companies face the risk of being pushed out of vital supply chains. As Kontogeorgou points out in the article, “This indirectly creates a competitive advantage for larger organizations, which already have mature cybersecurity frameworks in place.”
Fragmentation and Complexity
Beyond cost, the article also addresses the broader regulatory entanglement businesses must manage. With multiple frameworks now active—NIS2, GDPR, DORA, MiCAR, the AI Act—companies are burdened with overlapping responsibilities, conflicting deadlines, and siloed compliance protocols.
Penny observes: “Almost always, compliance requires internal restructuring, including new reporting processes, risk assessments, and defined governance roles. This adds operational friction and delays decision-making—especially when multiple specialized officers are required.”
Guiding Businesses Through Complexity
Penny Kontogeorgou’s contribution to Netweek reflects ZK Law’s broader commitment: helping businesses interpret, anticipate, and navigate regulatory developments through strategic legal advice and tailored compliance frameworks. In a world where digital infrastructure is both an asset and a liability, legal clarity is not a luxury—it’s a necessity.
Read more in Netweek’s April 2025 issue (No. 488) under the Special Report on RegTech Compliance.
For legal guidance on NIS2, cybersecurity governance, or multi-framework compliance strategies, contact ZK Law at info@zklawfirm.gr.