{"id":3219,"date":"2025-10-28T14:52:22","date_gmt":"2025-10-28T14:52:22","guid":{"rendered":"https:\/\/phishia.fr\/?p=3219"},"modified":"2025-10-31T08:09:07","modified_gmt":"2025-10-31T08:09:07","slug":"nis2-dora-obligations-ue","status":"publish","type":"post","link":"https:\/\/phishia.fr\/en\/blog\/compliance-management\/nis2-dora-obligations-ue\/","title":{"rendered":"NIS2 &amp; DORA: EU obligations, key differences, concrete roadmap"},"content":{"rendered":"<h2>Why are we talking so much about NIS2 and DORA?<\/h2>\n<p data-start=\"193\" data-end=\"335\">Two European texts, two related objectives: <strong data-start=\"241\" data-end=\"287\">reduce the impact of digital incidents<\/strong> and <strong data-start=\"291\" data-end=\"332\">make organizations controllable<\/strong>.<\/p>\n<ul data-start=\"336\" data-end=\"547\">\n<li data-start=\"336\" data-end=\"468\">\n<p data-start=\"338\" data-end=\"468\"><strong data-start=\"338\" data-end=\"346\">NIS2<\/strong> targets \"essential\" and \"important\" sectors (energy, health, transport, water, digital, public administration, etc.).<\/p>\n<\/li>\n<li data-start=\"469\" data-end=\"547\">\n<p data-start=\"471\" data-end=\"547\"><strong data-start=\"471\" data-end=\"479\">DORA<\/strong> targets the <strong data-start=\"489\" data-end=\"510\">financial sector<\/strong> and its critical ICT providers.<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"549\" data-end=\"735\">In both cases: governance at management level, risk management, incident preparation, <strong data-start=\"654\" data-end=\"665\">evidence<\/strong>available... and <strong data-start=\"686\" data-end=\"703\">deadlines\/format<\/strong> authorities.<\/p>\n<h2>NIS2 in brief (what the authorities expect of you)<\/h2>\n<ul data-start=\"864\" data-end=\"1505\">\n<li data-start=\"864\" data-end=\"984\">\n<p data-start=\"866\" data-end=\"984\"><strong data-start=\"866\" data-end=\"888\">Who's concerned?<\/strong> Essential\" entities with <strong>+50 employees\u00a0<\/strong>or\u00a0<strong>+10M sales.<\/strong><\/p>\n<\/li>\n<li data-start=\"985\" data-end=\"1337\">\n<p data-start=\"987\" data-end=\"1018\"><strong data-start=\"987\" data-end=\"1016\">What needs to be demonstrated :<\/strong><\/p>\n<ol data-start=\"1021\" data-end=\"1337\">\n<li data-start=\"1021\" data-end=\"1088\">\n<p data-start=\"1024\" data-end=\"1088\"><strong data-start=\"1024\" data-end=\"1039\">Governance<\/strong> with explicit management responsibility.<\/p>\n<\/li>\n<li data-start=\"1091\" data-end=\"1151\">\n<p data-start=\"1094\" data-end=\"1151\"><strong data-start=\"1094\" data-end=\"1117\">Risk management<\/strong> (including <strong data-start=\"1131\" data-end=\"1147\">supply-chain<\/strong>).<\/p>\n<\/li>\n<li data-start=\"1154\" data-end=\"1217\">\n<p data-start=\"1157\" data-end=\"1217\"><strong data-start=\"1157\" data-end=\"1181\">Continuity &amp; response<\/strong> procedures, exercises, proofs.<\/p>\n<\/li>\n<li data-start=\"1220\" data-end=\"1337\">\n<p data-start=\"1223\" data-end=\"1337\"><strong data-start=\"1223\" data-end=\"1250\">Incident notification<\/strong> in <strong data-start=\"1260\" data-end=\"1279\">controlled deadlines<\/strong> (early warning, notification within 72 h, final report).<\/p>\n<\/li>\n<\/ol>\n<\/li>\n<li data-start=\"1338\" data-end=\"1505\">\n<p data-start=\"1340\" data-end=\"1505\"><strong data-start=\"1340\" data-end=\"1372\">Daily changes :<\/strong> traced decisions, formalized supplier requirements, ready messages for reporting incidents, possible controls by the authority (heavy fines in the event of non-compliance).<\/p>\n<\/li>\n<\/ul>\n<h2>DORA at a glance (finance specific)<\/h2>\n<ul>\n<li data-start=\"1617\" data-end=\"1750\">\n<p data-start=\"1619\" data-end=\"1750\"><strong data-start=\"1619\" data-end=\"1641\">Who's concerned?<\/strong> Banks, insurance companies, investment firms, related entities... and certain <strong data-start=\"1717\" data-end=\"1737\">ICT service providers<\/strong> reviews.<\/p>\n<\/li>\n<li data-start=\"1751\" data-end=\"2117\">\n<p data-start=\"1753\" data-end=\"1784\"><strong data-start=\"1753\" data-end=\"1782\">What needs to be demonstrated :<\/strong><\/p>\n<ol data-start=\"1787\" data-end=\"2117\">\n<li data-start=\"1787\" data-end=\"1836\">\n<p data-start=\"1790\" data-end=\"1836\"><strong data-start=\"1790\" data-end=\"1809\">ICT governance<\/strong> by management.<\/p>\n<\/li>\n<li data-start=\"1839\" data-end=\"1925\">\n<p data-start=\"1842\" data-end=\"1925\"><strong data-start=\"1842\" data-end=\"1867\">Incident management<\/strong> with <strong data-start=\"1873\" data-end=\"1896\">harmonized reporting<\/strong> financial authorities.<\/p>\n<\/li>\n<li data-start=\"1928\" data-end=\"1995\">\n<p data-start=\"1931\" data-end=\"1995\"><strong data-start=\"1931\" data-end=\"1944\">Third-party ICT<\/strong> : register, clauses, monitoring, exit strategy.<\/p>\n<\/li>\n<li data-start=\"1998\" data-end=\"2069\">\n<p data-start=\"2001\" data-end=\"2069\"><strong data-start=\"2001\" data-end=\"2024\">Resilience testing<\/strong> (up to advanced scenarios).<\/p>\n<\/li>\n<li data-start=\"2072\" data-end=\"2117\">\n<p data-start=\"2075\" data-end=\"2117\"><strong data-start=\"2075\" data-end=\"2089\">Continuity<\/strong> &amp; crisis communication.<\/p>\n<\/li>\n<\/ol>\n<\/li>\n<li data-start=\"2118\" data-end=\"2282\">\n<p data-start=\"2120\" data-end=\"2282\"><strong data-start=\"2120\" data-end=\"2152\">Daily changes :<\/strong> formats and channels <strong data-start=\"2174\" data-end=\"2187\">reporting<\/strong> defined, contractual supplier relationships, testing and exercise schedule.<\/p>\n<\/li>\n<\/ul>\n<h2>NIS2 vs DORA: same foundations, different accents<\/h2>\n<table style=\"caret-color: #000000; color: #000000;\">\n<thead>\n<tr>\n<th>Theme<\/th>\n<th>NIS2<\/th>\n<th>DORA<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Nature<\/td>\n<td>Essential\/Important Sectors Directive<\/td>\n<td>R\u00e8glement finance (applicable as is)<\/td>\n<\/tr>\n<tr>\n<td>Management<\/td>\n<td>Explicit role, traceable decisions<\/td>\n<td>Ditto, + responsibility for ICT governance<\/td>\n<\/tr>\n<tr>\n<td>Incidents<\/td>\n<td>Early warning, notification, final report<\/td>\n<td>Harmonized reporting + short lead times possible<\/td>\n<\/tr>\n<tr>\n<td>Third parties<\/td>\n<td>Supplier\/supply-chain requirements<\/td>\n<td><strong>ICT service providers<\/strong>\u00a0strong contractualization &amp; exit<\/td>\n<\/tr>\n<tr>\n<td>Tests<\/td>\n<td>Regular exercises (IR\/BCP)<\/td>\n<td><strong>Resilience testing<\/strong>\u00a0structured, including advanced<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong data-start=\"2891\" data-end=\"2908\">In practice :<\/strong> a <strong data-start=\"2912\" data-end=\"2930\">Structured ISMS<\/strong> (such as ISO 27001) covers most of the base; we add the bricks <strong data-start=\"3000\" data-end=\"3020\">deadlines\/reporting<\/strong> and the <strong data-start=\"3027\" data-end=\"3043\">third-party layer<\/strong> specific to NIS2\/DORA.<\/p>\n<h2>How to prepare intelligently (without multiplying the number of jobs)<\/h2>\n<p><strong>Status &amp; scope<\/strong><\/p>\n<p data-start=\"3171\" data-end=\"3310\">Check if\/what applies, map activities, entities and suppliers concerned, identify the competent authority (and its formats).<\/p>\n<p><strong>Governance &amp; proof<\/strong><\/p>\n<p data-start=\"3341\" data-end=\"3481\">Appoint people in charge, document <strong data-start=\"3377\" data-end=\"3388\">how<\/strong> decisions are made, keep records and mark out milestones. <strong data-start=\"3458\" data-end=\"3480\">periodical magazines<\/strong>.<\/p>\n<p data-start=\"3341\" data-end=\"3481\"><strong>Incidents &amp; communication<\/strong><\/p>\n<p data-start=\"3516\" data-end=\"3662\">Write the <strong data-start=\"3526\" data-end=\"3543\">instructions for use<\/strong> detection, qualification, who alerts whom, message templates, delivery channels, <strong data-start=\"3624\" data-end=\"3646\">time clock<\/strong>training sessions.<\/p>\n<p data-start=\"3516\" data-end=\"3662\"><strong>Third parties &amp; contracts<\/strong><\/p>\n<p data-start=\"3688\" data-end=\"3877\">Segment suppliers according to criticality, define <strong data-start=\"3742\" data-end=\"3765\">minimum requirements<\/strong>integrate <strong data-start=\"3780\" data-end=\"3791\">clauses<\/strong> (notification, audits, safety, exit plan), and to establish a <strong data-start=\"3858\" data-end=\"3867\">follow-up<\/strong> regular.<\/p>\n<p data-start=\"3688\" data-end=\"3877\"><strong>Continuity &amp; testing<\/strong><\/p>\n<p>Realistic Plan B, exercises, <strong data-start=\"3933\" data-end=\"3956\">resilience testing<\/strong> (more advanced in DORA), logging results and decisions.<\/p>\n<h2>Conclusion<\/h2>\n<p>NIS2 and DORA are not so much about promises as about facts <strong data-start=\"5549\" data-end=\"5560\">evidence<\/strong> We're committed to ensuring that our customers' needs are met: clear governance, incidents managed and reported on time, third parties under control, tested continuity. With a <strong data-start=\"5690\" data-end=\"5703\">ISO 27001<\/strong> and an update on <strong data-start=\"5729\" data-end=\"5755\">deadlines\/reporting\/tiers<\/strong>You're all set... including the day of the inspection.<\/p>\n<p>You want a <strong data-start=\"5827\" data-end=\"5857\">NIS2\/DORA blank test<\/strong> and a prioritized roadmap? Let's talk about it.<\/p>","protected":false},"excerpt":{"rendered":"<p>Pourquoi on parle autant de NIS2 et DORA Deux textes europ\u00e9ens, deux objectifs voisins : r\u00e9duire les impacts d\u2019incidents num\u00e9riques et rendre les organisations contr\u00f4lables. NIS2 vise les secteurs \u00ab essentiels \u00bb et \u00ab importants \u00bb (\u00e9nergie, sant\u00e9, transports, eau, num\u00e9rique, administrations, etc.). DORA cible le secteur financier et ses prestataires TIC critiques. Dans les [&hellip;]<\/p>","protected":false},"author":3,"featured_media":3224,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[22],"tags":[],"class_list":["post-3219","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-pilotage-conformite"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>NIS2 &amp; DORA : obligations UE, diff\u00e9rences cl\u00e9s, feuille de route concr\u00e8te - Phishia<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/phishia.fr\/en\/blog\/compliance-management\/nis2-dora-obligations-ue\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"NIS2 &amp; DORA : obligations UE, diff\u00e9rences cl\u00e9s, feuille de route concr\u00e8te - Phishia\" \/>\n<meta property=\"og:description\" content=\"Pourquoi on parle autant de NIS2 et DORA Deux textes europ\u00e9ens, deux objectifs voisins : r\u00e9duire les impacts d\u2019incidents num\u00e9riques et rendre les organisations contr\u00f4lables. NIS2 vise les secteurs \u00ab essentiels \u00bb et \u00ab importants \u00bb (\u00e9nergie, sant\u00e9, transports, eau, num\u00e9rique, administrations, etc.). DORA cible le secteur financier et ses prestataires TIC critiques. Dans les [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/phishia.fr\/en\/blog\/compliance-management\/nis2-dora-obligations-ue\/\" \/>\n<meta property=\"og:site_name\" content=\"Phishia\" \/>\n<meta property=\"article:published_time\" content=\"2025-10-28T14:52:22+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-10-31T08:09:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/10\/nis2-dora.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1536\" \/>\n\t<meta property=\"og:image:height\" content=\"864\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/pilotage-conformite\\\/nis2-dora-obligations-ue\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/pilotage-conformite\\\/nis2-dora-obligations-ue\\\/\"},\"author\":{\"name\":\"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/#\\\/schema\\\/person\\\/ab1f38ad06f750da69863e8f06e86528\"},\"headline\":\"NIS2 &#038; DORA : obligations UE, diff\u00e9rences cl\u00e9s, feuille de route concr\u00e8te\",\"datePublished\":\"2025-10-28T14:52:22+00:00\",\"dateModified\":\"2025-10-31T08:09:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/pilotage-conformite\\\/nis2-dora-obligations-ue\\\/\"},\"wordCount\":611,\"publisher\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/pilotage-conformite\\\/nis2-dora-obligations-ue\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/phishia.fr\\\/wp-content\\\/uploads\\\/2025\\\/10\\\/nis2-dora.png\",\"articleSection\":[\"Pilotage et conformit\u00e9\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/pilotage-conformite\\\/nis2-dora-obligations-ue\\\/\",\"url\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/pilotage-conformite\\\/nis2-dora-obligations-ue\\\/\",\"name\":\"NIS2 & DORA : obligations UE, diff\u00e9rences cl\u00e9s, feuille de route concr\u00e8te - Phishia\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/pilotage-conformite\\\/nis2-dora-obligations-ue\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/pilotage-conformite\\\/nis2-dora-obligations-ue\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/phishia.fr\\\/wp-content\\\/uploads\\\/2025\\\/10\\\/nis2-dora.png\",\"datePublished\":\"2025-10-28T14:52:22+00:00\",\"dateModified\":\"2025-10-31T08:09:07+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/pilotage-conformite\\\/nis2-dora-obligations-ue\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/phishia.fr\\\/blog\\\/pilotage-conformite\\\/nis2-dora-obligations-ue\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/pilotage-conformite\\\/nis2-dora-obligations-ue\\\/#primaryimage\",\"url\":\"https:\\\/\\\/phishia.fr\\\/wp-content\\\/uploads\\\/2025\\\/10\\\/nis2-dora.png\",\"contentUrl\":\"https:\\\/\\\/phishia.fr\\\/wp-content\\\/uploads\\\/2025\\\/10\\\/nis2-dora.png\",\"width\":1536,\"height\":864},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/pilotage-conformite\\\/nis2-dora-obligations-ue\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/phishia.fr\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Pilotage et conformit\u00e9\",\"item\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/category\\\/pilotage-conformite\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"NIS2 &#038; DORA : obligations UE, diff\u00e9rences cl\u00e9s, feuille de route concr\u00e8te\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/#website\",\"url\":\"https:\\\/\\\/phishia.fr\\\/\",\"name\":\"Phishia\",\"description\":\"Cabinet de Conseil IT, Cybers\u00e9curit\u00e9, Durabilit\u00e9\",\"publisher\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/phishia.fr\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/#organization\",\"name\":\"Phishia\",\"url\":\"https:\\\/\\\/phishia.fr\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/phishia.fr\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/Logotype.png\",\"contentUrl\":\"https:\\\/\\\/phishia.fr\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/Logotype.png\",\"width\":512,\"height\":128,\"caption\":\"Phishia\"},\"image\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/company\\\/phishia\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/#\\\/schema\\\/person\\\/ab1f38ad06f750da69863e8f06e86528\",\"name\":\"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"NIS2 &amp; DORA: EU obligations, key differences, concrete roadmap - Phishia","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/phishia.fr\/en\/blog\/compliance-management\/nis2-dora-obligations-ue\/","og_locale":"en_US","og_type":"article","og_title":"NIS2 & DORA : obligations UE, diff\u00e9rences cl\u00e9s, feuille de route concr\u00e8te - Phishia","og_description":"Pourquoi on parle autant de NIS2 et DORA Deux textes europ\u00e9ens, deux objectifs voisins : r\u00e9duire les impacts d\u2019incidents num\u00e9riques et rendre les organisations contr\u00f4lables. NIS2 vise les secteurs \u00ab essentiels \u00bb et \u00ab importants \u00bb (\u00e9nergie, sant\u00e9, transports, eau, num\u00e9rique, administrations, etc.). DORA cible le secteur financier et ses prestataires TIC critiques. Dans les [&hellip;]","og_url":"https:\/\/phishia.fr\/en\/blog\/compliance-management\/nis2-dora-obligations-ue\/","og_site_name":"Phishia","article_published_time":"2025-10-28T14:52:22+00:00","article_modified_time":"2025-10-31T08:09:07+00:00","og_image":[{"width":1536,"height":864,"url":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/10\/nis2-dora.png","type":"image\/png"}],"author":"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/phishia.fr\/blog\/pilotage-conformite\/nis2-dora-obligations-ue\/#article","isPartOf":{"@id":"https:\/\/phishia.fr\/blog\/pilotage-conformite\/nis2-dora-obligations-ue\/"},"author":{"name":"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9","@id":"https:\/\/phishia.fr\/#\/schema\/person\/ab1f38ad06f750da69863e8f06e86528"},"headline":"NIS2 &#038; DORA : obligations UE, diff\u00e9rences cl\u00e9s, feuille de route concr\u00e8te","datePublished":"2025-10-28T14:52:22+00:00","dateModified":"2025-10-31T08:09:07+00:00","mainEntityOfPage":{"@id":"https:\/\/phishia.fr\/blog\/pilotage-conformite\/nis2-dora-obligations-ue\/"},"wordCount":611,"publisher":{"@id":"https:\/\/phishia.fr\/#organization"},"image":{"@id":"https:\/\/phishia.fr\/blog\/pilotage-conformite\/nis2-dora-obligations-ue\/#primaryimage"},"thumbnailUrl":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/10\/nis2-dora.png","articleSection":["Pilotage et conformit\u00e9"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/phishia.fr\/blog\/pilotage-conformite\/nis2-dora-obligations-ue\/","url":"https:\/\/phishia.fr\/blog\/pilotage-conformite\/nis2-dora-obligations-ue\/","name":"NIS2 &amp; DORA: EU obligations, key differences, concrete roadmap - Phishia","isPartOf":{"@id":"https:\/\/phishia.fr\/#website"},"primaryImageOfPage":{"@id":"https:\/\/phishia.fr\/blog\/pilotage-conformite\/nis2-dora-obligations-ue\/#primaryimage"},"image":{"@id":"https:\/\/phishia.fr\/blog\/pilotage-conformite\/nis2-dora-obligations-ue\/#primaryimage"},"thumbnailUrl":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/10\/nis2-dora.png","datePublished":"2025-10-28T14:52:22+00:00","dateModified":"2025-10-31T08:09:07+00:00","breadcrumb":{"@id":"https:\/\/phishia.fr\/blog\/pilotage-conformite\/nis2-dora-obligations-ue\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/phishia.fr\/blog\/pilotage-conformite\/nis2-dora-obligations-ue\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/phishia.fr\/blog\/pilotage-conformite\/nis2-dora-obligations-ue\/#primaryimage","url":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/10\/nis2-dora.png","contentUrl":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/10\/nis2-dora.png","width":1536,"height":864},{"@type":"BreadcrumbList","@id":"https:\/\/phishia.fr\/blog\/pilotage-conformite\/nis2-dora-obligations-ue\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/phishia.fr\/"},{"@type":"ListItem","position":2,"name":"Pilotage et conformit\u00e9","item":"https:\/\/phishia.fr\/blog\/category\/pilotage-conformite\/"},{"@type":"ListItem","position":3,"name":"NIS2 &#038; DORA : obligations UE, diff\u00e9rences cl\u00e9s, feuille de route concr\u00e8te"}]},{"@type":"WebSite","@id":"https:\/\/phishia.fr\/#website","url":"https:\/\/phishia.fr\/","name":"Phishia","description":"IT Consulting, Cybersecurity, Sustainability","publisher":{"@id":"https:\/\/phishia.fr\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/phishia.fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/phishia.fr\/#organization","name":"Phishia","url":"https:\/\/phishia.fr\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/phishia.fr\/#\/schema\/logo\/image\/","url":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/01\/Logotype.png","contentUrl":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/01\/Logotype.png","width":512,"height":128,"caption":"Phishia"},"image":{"@id":"https:\/\/phishia.fr\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/phishia\/"]},{"@type":"Person","@id":"https:\/\/phishia.fr\/#\/schema\/person\/ab1f38ad06f750da69863e8f06e86528","name":"Enzo Debosque, Junior CyberSecurity Consultant"}]}},"_links":{"self":[{"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/posts\/3219","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/comments?post=3219"}],"version-history":[{"count":5,"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/posts\/3219\/revisions"}],"predecessor-version":[{"id":3342,"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/posts\/3219\/revisions\/3342"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/media\/3224"}],"wp:attachment":[{"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/media?parent=3219"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/categories?post=3219"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/tags?post=3219"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}