{"id":3117,"date":"2026-01-12T09:40:00","date_gmt":"2026-01-12T08:40:00","guid":{"rendered":"https:\/\/consalta.ba\/?p=3117"},"modified":"2026-03-04T22:17:31","modified_gmt":"2026-03-04T21:17:31","slug":"how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu","status":"publish","type":"post","link":"https:\/\/consalta.ba\/en\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\/","title":{"rendered":"How NIS2 Affects Bosnian Companies \u2014 Even Though We&#8217;re Not in the EU"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"3117\" class=\"elementor elementor-3117\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-c6a0a86 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"c6a0a86\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b060334\" data-id=\"b060334\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-b5ed845 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"b5ed845\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-inner-column elementor-element elementor-element-be66d84\" data-id=\"be66d84\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-dd142e2 elementor-widget__width-initial elementor-widget elementor-widget-image\" data-id=\"dd142e2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"572\" height=\"777\" src=\"https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/Chain-Supply.jpg\" class=\"attachment-large size-large wp-image-3118\" alt=\"NIS2 Supply Chain Management\" srcset=\"https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/Chain-Supply.jpg 572w, https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/Chain-Supply-221x300.jpg 221w, https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/Chain-Supply-9x12.jpg 9w\" sizes=\"(max-width: 572px) 100vw, 572px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-66 elementor-inner-column elementor-element elementor-element-c7fc7e7\" data-id=\"c7fc7e7\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-5a40a12 elementor-widget elementor-widget-text-editor\" data-id=\"5a40a12\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>If your organization operates in Bosnia and Herzegovina, you&#8217;ve probably heard about the EU&#8217;s\u00a0<a href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/policies\/nis2-directive\" target=\"_blank\" rel=\"noopener\">NIS2 Directive<\/a>\u00a0and thought: &#8220;That&#8217;s an EU regulation. It doesn&#8217;t apply to us.&#8221; For many Bosnian companies, that assumption could cost real business.<\/p>\n<p>NIS2 is already reshaping how companies across Europe approach cybersecurity. And while Bosnia and Herzegovina isn&#8217;t an EU member state, the ripple effects of this regulation are very real \u2014 especially if your clients, partners, or suppliers operate in the EU. Here&#8217;s what you need to know and, more importantly, what you can do about it right now.<\/p>\n<h3>Quick Overview: What is NIS2?<\/h3>\n<div>\n<p class=\"\" data-start=\"1347\" data-end=\"1624\">The NIS2 Directive (Network and Information Security Directive 2) is the EU&#8217;s updated cybersecurity regulation, replacing the original NIS Directive from 2016. Its goal is straightforward: raise the baseline level of cybersecurity across all EU member states.<\/p>\n<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<div class=\"elementor-element elementor-element-916ac7b elementor-widget elementor-widget-text-editor\" data-id=\"916ac7b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div>\n<p>NIS2 covers 18 critical sectors \u2014 a significant expansion from the original directive. We&#8217;re talking about energy, transport, banking, healthcare, digital infrastructure, telecom, cloud providers, ICT service management, manufacturing, food production, chemicals, postal services, and more. It applies to medium-sized and large organizations (generally 50+ employees or \u20ac10 million+ annual turnover), though some sectors \u2014 particularly digital infrastructure \u2014 are covered regardless of size.<\/p>\n<p>In short: a very large number of EU companies are now regulated under NIS2. If you work with EU clients, chances are good that at least some of them fall within its scope.<\/p>\n<p>The requirements focus on several key areas:<\/p>\n<ul>\n<li>Risk management and security policies<\/li>\n<li>Incident detection, response, and reporting (with strict timelines \u2014 often within 24 hours)<\/li>\n<li>Supply chain and third-party security<\/li>\n<li>Business continuity and crisis management<\/li>\n<li>Board-level accountability for cybersecurity<\/li>\n<\/ul>\n<p>The enforcement is serious: fines of up to \u20ac10 million or 2% of global annual turnover, and \u2014 this is new \u2014 personal accountability for senior management. Under NIS2, cybersecurity is no longer just an IT issue. It&#8217;s a boardroom responsibility.<\/p>\n<p>All EU member states are required to transpose NIS2 into national law. Croatia and Slovenia have already done so. Germany finalized its implementation in late 2025, with full enforcement rolling out through 2026. The same applies across the EU \u2014 from Austria to the Netherlands. This means the companies you work with in these markets are already adapting to NIS2 requirements.<\/p>\n<\/div>\n<h2>Why NIS2 Directly Affects Bosnian Companies<\/h2>\n<p>This is the part many organizations in Bosnia and Herzegovina \u2014 and across the Western Balkans \u2014 overlook, so it&#8217;s worth being very clear about it:<\/p>\n<p><strong>NIS2 requires EU-regulated companies to manage cybersecurity risk across their entire supply chain.<\/strong>\u00a0Not just within their own organization \u2014 across every supplier, service provider, and business partner they work with, regardless of where those partners are located.<\/p>\n<p>In practice, this means that if your company provides any kind of service or product to an EU client in a regulated sector, that client is now legally obligated to verify that\u00a0<em>you<\/em>\u00a0meet certain cybersecurity standards. They will need to include specific security requirements in your contracts, assess your security posture, and potentially audit you. If they can&#8217;t demonstrate their supply chain is secure,\u00a0<em>they<\/em>\u00a0face the penalties.<\/p>\n<p><strong>You don&#8217;t need to be regulated by NIS2 to be affected by it. You just need to have EU clients who are.<\/strong><\/p>\n<p>Let&#8217;s make this concrete with a few examples of how NIS2 impacts typical Bosnian companies:<\/p>\n<ul>\n<li><strong>A software development company in Sarajevo<\/strong>\u00a0that builds and maintains applications for a German financial services firm. That German firm is now regulated under NIS2 and must ensure its IT suppliers have incident response procedures, access controls, and documented security policies in place.<\/li>\n<li><strong>A BPO company in Banja Luka<\/strong>\u00a0processing data for a Croatian insurance company. The Croatian insurer, now under NIS2 obligations, needs contractual guarantees about how that data is protected \u2014 and evidence to back it up.<\/li>\n<li><strong>A manufacturing company in Zenica<\/strong>\u00a0supplying components to a Slovenian energy company. Even though this isn&#8217;t an IT relationship, NIS2&#8217;s supply chain requirements extend to any supplier whose disruption could impact the regulated entity&#8217;s operations.<\/li>\n<\/ul>\n<p>The same logic applies to companies in Serbia, Montenegro, and across the region. Anyone doing business with EU-regulated clients is in scope by extension.<\/p>\n<h2>What NIS2 Requires \u2014 and What ISO 27001 Already Covers<\/h2>\n<p>If your organization already has\u00a0<a href=\"https:\/\/consalta.ba\/en\/isms-information-security-management-system-iso-27001\/\">ISO 27001<\/a>\u00a0certification, or is working toward it, you&#8217;re in a strong position. The overlap between NIS2 requirements and ISO 27001 controls is substantial.<\/p>\n<table>\n<thead>\n<tr>\n<th><strong>NIS2 Requirement<\/strong><\/th>\n<th><strong>What ISO 27001 Already Provides<\/strong><\/th>\n<th><strong>What You May Still Need<\/strong><\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Risk management policies<\/td>\n<td>Structured risk assessment and treatment process<\/td>\n<td>Ensure scope explicitly covers ICT operational resilience<\/td>\n<\/tr>\n<tr>\n<td>Incident handling and reporting<\/td>\n<td>Defined incident management procedures<\/td>\n<td>Formalize reporting timelines (24h early warning, 72h full report) aligned with EU client expectations<\/td>\n<\/tr>\n<tr>\n<td>Supply chain security<\/td>\n<td>Supplier assessment and monitoring controls<\/td>\n<td>Strengthen contractual clauses with specific cybersecurity requirements your EU clients can reference<\/td>\n<\/tr>\n<tr>\n<td>Business continuity<\/td>\n<td>BCM planning and testing<\/td>\n<td>Add scenario-based testing for ICT-specific disruptions<\/td>\n<\/tr>\n<tr>\n<td>Governance and accountability<\/td>\n<td>Management commitment and review<\/td>\n<td>Document explicit board-level cybersecurity responsibilities<\/td>\n<\/tr>\n<tr>\n<td>Training and awareness<\/td>\n<td>Security awareness programs<\/td>\n<td>Extend training to cover supply chain obligations and incident reporting procedures<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c31ff15 elementor-widget elementor-widget-text-editor\" data-id=\"c31ff15\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The bottom line: if you have a functioning ISMS built on ISO 27001, you&#8217;re not starting from zero. You&#8217;re adapting and extending what you already have. For organizations without ISO 27001, implementing it now gives you the most efficient, internationally recognized foundation that directly addresses what your EU partners will be asking for.<\/p>\n<h2>\u00a0<span style=\"font-size: 2.625rem;\">What Should You Do Right Now?<\/span><\/h2>\n<p style=\"font-size: 16px; font-style: normal; font-weight: 400;\">You don&#8217;t need to wait for a Bosnian NIS2 equivalent (though as an EU candidate country, something similar will likely come). The pressure is market-driven and it&#8217;s already here.<\/p>\n<p style=\"font-size: 16px; font-style: normal; font-weight: 400;\"><span style=\"font-weight: bold;\">1. Understand your exposure.<\/span>\u00a0Map out which of your clients and partners operate in EU-regulated sectors. If you serve Croatian banks, German manufacturers, or Slovenian healthcare providers, you&#8217;re in scope by extension.<\/p>\n<p style=\"font-size: 16px; font-style: normal; font-weight: 400;\"><span style=\"font-weight: bold;\">2. Review your contracts.<\/span>\u00a0Look at your existing agreements with EU clients. Are there cybersecurity clauses? Security assessment requirements? If not yet, expect them soon.<\/p>\n<p style=\"font-size: 16px; font-style: normal; font-weight: 400;\"><span style=\"font-weight: bold;\">3. Assess your current security posture.<\/span>\u00a0If you have ISO 27001, review how well your ISMS covers the NIS2 areas outlined above. If you don&#8217;t, a\u00a0<a style=\"color: #006bd6; transition-property: all;\" href=\"https:\/\/consalta.ba\/en\/first-steps-in-implementing-iso-27001-conducting-a-gap-analysis\/\">gap analysis<\/a>\u00a0is the logical starting point.<\/p>\n<p style=\"font-size: 16px; font-style: normal; font-weight: 400;\"><span style=\"font-weight: bold;\">4. Strengthen your incident response.<\/span>\u00a0NIS2&#8217;s strict reporting timelines will flow into supplier contracts. Make sure you can detect, respond to, and communicate about security incidents quickly and clearly.<\/p>\n<p style=\"font-size: 16px; font-style: normal; font-weight: 400;\"><span style=\"font-weight: bold;\">5. Document everything.<\/span>\u00a0EU-regulated companies will need evidence that their supply chain is secure. Having well-documented policies, procedures, and audit results makes you an easy partner to work with \u2014 and a difficult one to replace.<\/p>\n<h2 style=\"font-style: normal; color: #101218;\">Don&#8217;t Wait for the Regulation \u2014 Respond to the Market<\/h2>\n<p style=\"font-size: 16px; font-style: normal; font-weight: 400;\">The companies you work with are already adapting to NIS2. The question is whether you&#8217;ll be ready when they turn to their supply chain and start asking hard questions.<\/p>\n<p style=\"font-size: 16px; font-style: normal; font-weight: 400;\">The good news: for organizations already following ISO 27001, the gap is manageable. For those just starting out, implementing ISO 27001 with NIS2 in mind means you build a security foundation ready for both today&#8217;s market demands and tomorrow&#8217;s regulatory landscape. If you&#8217;re interested in understanding how ISO 27001 aligns with other EU regulations, you may also find our post on\u00a0<a style=\"color: #006bd6; transition-property: all;\" href=\"https:\/\/consalta.ba\/en\/iso-27001-and-dora-compliance-how-closely-aligned-are-they\/\">ISO 27001 and DORA compliance<\/a>\u00a0useful.<\/p>\n<p style=\"font-size: 16px; font-style: normal; font-weight: 400;\">At Consalta, we help organizations navigate exactly this kind of challenge \u2014 understanding where you stand today, identifying what needs to change, and building a practical path to compliance. If you&#8217;re unsure how NIS2 might affect your business relationships,\u00a0<a style=\"color: #006bd6; transition-property: all;\" href=\"https:\/\/consalta.ba\/en\/contact\/\">feel free to contact us<\/a>. No jargon, no pressure \u2014 just clarity on your next steps.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c7053fe elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"c7053fe\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-5e8ec64 elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"5e8ec64\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-5a43a48\" data-id=\"5a43a48\" data-element_type=\"column\" data-e-type=\"column\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-cc9c319 elementor-section-content-middle elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"cc9c319\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-c14006a\" data-id=\"c14006a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4826c08 elementor-widget elementor-widget-heading\" data-id=\"4826c08\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Would you like to start a project with us?<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b497127 elementor-widget elementor-widget-text-editor\" data-id=\"b497127\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The initial consultation is free! We believe in truly helping our clients. You\u2019ll talk with one of our consultants directly. No pushy sales \u2013 no strings attached.<br \/><span style=\"font-weight: bold;\">Go ahead \u2013 check for yourself, now!<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-ef754e2\" data-id=\"ef754e2\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-8d344fa elementor-align-right elementor-tablet-align-center elementor-widget elementor-widget-button\" data-id=\"8d344fa\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-sm\" href=\"https:\/\/consalta.ba\/contact\/\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Free consultation<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>NIS2 is an EU regulation \u2014 but if your Bosnian company works with EU clients, it already affects you. Find out why, and what you can do about it right now.<\/p>\n","protected":false},"author":1,"featured_media":3118,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"disabled","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[27,37,66],"tags":[79,80,20,51,77,78],"class_list":["post-3117","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-how-to-implement-iso-27001-practical-guide","category-implementation","category-regulation","tag-cybersecurity-regulation-bosnia","tag-eu-compliance","tag-iso-27001-implementation","tag-iso-standards-compliance","tag-nis2","tag-nis2-supply-chain"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>ISO 27001 and DORA Compliance: How Closely Aligned Are They?<\/title>\n<meta name=\"description\" content=\"Learn how ISO 27001 simplifies DORA compliance. Discover clear steps for bridging gaps and building operational resilience.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/consalta.ba\/en\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ISO 27001 and DORA Compliance: How Closely Aligned Are They?\" \/>\n<meta property=\"og:description\" content=\"Learn how ISO 27001 simplifies DORA compliance. Discover clear steps for bridging gaps and building operational resilience.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/consalta.ba\/en\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\/\" \/>\n<meta property=\"og:site_name\" content=\"Consalta\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-12T08:40:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-04T21:17:31+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/Chain-Supply.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"572\" \/>\n\t<meta property=\"og:image:height\" content=\"777\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"OJB\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"OJB\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/consalta.ba\\\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/consalta.ba\\\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\\\/\"},\"author\":{\"name\":\"OJB\",\"@id\":\"https:\\\/\\\/consalta.ba\\\/en\\\/#\\\/schema\\\/person\\\/b8449ee47559258a18597f3b91629afc\"},\"headline\":\"How NIS2 Affects Bosnian Companies \u2014 Even Though We&#8217;re Not in the EU\",\"datePublished\":\"2026-01-12T08:40:00+00:00\",\"dateModified\":\"2026-03-04T21:17:31+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/consalta.ba\\\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\\\/\"},\"wordCount\":1287,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/consalta.ba\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/consalta.ba\\\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/consalta.ba\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/Chain-Supply.jpg\",\"keywords\":[\"cybersecurity regulation Bosnia\",\"EU compliance\",\"ISO 27001 implementation\",\"ISO Standards Compliance\",\"NIS2\",\"NIS2 supply chain\"],\"articleSection\":[\"Deep Dive\",\"Implementation\",\"Regulation\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/consalta.ba\\\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/consalta.ba\\\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\\\/\",\"url\":\"https:\\\/\\\/consalta.ba\\\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\\\/\",\"name\":\"ISO 27001 and DORA Compliance: How Closely Aligned Are They?\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/consalta.ba\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/consalta.ba\\\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/consalta.ba\\\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/consalta.ba\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/Chain-Supply.jpg\",\"datePublished\":\"2026-01-12T08:40:00+00:00\",\"dateModified\":\"2026-03-04T21:17:31+00:00\",\"description\":\"Learn how ISO 27001 simplifies DORA compliance. Discover clear steps for bridging gaps and building operational resilience.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/consalta.ba\\\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/consalta.ba\\\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/consalta.ba\\\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\\\/#primaryimage\",\"url\":\"https:\\\/\\\/consalta.ba\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/Chain-Supply.jpg\",\"contentUrl\":\"https:\\\/\\\/consalta.ba\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/Chain-Supply.jpg\",\"width\":572,\"height\":777,\"caption\":\"Supply Chain\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/consalta.ba\\\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/consalta.ba\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Deep Dive\",\"item\":\"https:\\\/\\\/consalta.ba\\\/en\\\/category\\\/how-to-implement-iso-27001-practical-guide\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"How NIS2 Affects Bosnian Companies \u2014 Even Though We&#8217;re Not in the EU\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/consalta.ba\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/consalta.ba\\\/en\\\/\",\"name\":\"Consalta\",\"description\":\"Get Certified!\",\"publisher\":{\"@id\":\"https:\\\/\\\/consalta.ba\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/consalta.ba\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/consalta.ba\\\/en\\\/#organization\",\"name\":\"Consalta\",\"url\":\"https:\\\/\\\/consalta.ba\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/consalta.ba\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/consalta.ba\\\/wp-content\\\/uploads\\\/2024\\\/11\\\/Logo-getcert-2024_transpback_blue-black.png\",\"contentUrl\":\"https:\\\/\\\/consalta.ba\\\/wp-content\\\/uploads\\\/2024\\\/11\\\/Logo-getcert-2024_transpback_blue-black.png\",\"width\":\"617\",\"height\":\"90\",\"caption\":\"Consalta\"},\"image\":{\"@id\":\"https:\\\/\\\/consalta.ba\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/ba.linkedin.com\\\/company\\\/consalta-d.o.o.\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/consalta.ba\\\/en\\\/#\\\/schema\\\/person\\\/b8449ee47559258a18597f3b91629afc\",\"name\":\"OJB\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/69c0cb70266add0c68274346f544f85223697fb0959d7a797c6a99b8e6babcba?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/69c0cb70266add0c68274346f544f85223697fb0959d7a797c6a99b8e6babcba?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/69c0cb70266add0c68274346f544f85223697fb0959d7a797c6a99b8e6babcba?s=96&d=mm&r=g\",\"caption\":\"OJB\"},\"sameAs\":[\"https:\\\/\\\/consalta.ba\"],\"url\":\"https:\\\/\\\/consalta.ba\\\/en\\\/author\\\/admin_8k999oh2\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ISO 27001 and DORA Compliance: How Closely Aligned Are They?","description":"Learn how ISO 27001 simplifies DORA compliance. Discover clear steps for bridging gaps and building operational resilience.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/consalta.ba\/en\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\/","og_locale":"en_US","og_type":"article","og_title":"ISO 27001 and DORA Compliance: How Closely Aligned Are They?","og_description":"Learn how ISO 27001 simplifies DORA compliance. Discover clear steps for bridging gaps and building operational resilience.","og_url":"https:\/\/consalta.ba\/en\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\/","og_site_name":"Consalta","article_published_time":"2026-01-12T08:40:00+00:00","article_modified_time":"2026-03-04T21:17:31+00:00","og_image":[{"width":572,"height":777,"url":"https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/Chain-Supply.jpg","type":"image\/jpeg"}],"author":"OJB","twitter_card":"summary_large_image","twitter_misc":{"Written by":"OJB","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/consalta.ba\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\/#article","isPartOf":{"@id":"https:\/\/consalta.ba\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\/"},"author":{"name":"OJB","@id":"https:\/\/consalta.ba\/en\/#\/schema\/person\/b8449ee47559258a18597f3b91629afc"},"headline":"How NIS2 Affects Bosnian Companies \u2014 Even Though We&#8217;re Not in the EU","datePublished":"2026-01-12T08:40:00+00:00","dateModified":"2026-03-04T21:17:31+00:00","mainEntityOfPage":{"@id":"https:\/\/consalta.ba\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\/"},"wordCount":1287,"commentCount":0,"publisher":{"@id":"https:\/\/consalta.ba\/en\/#organization"},"image":{"@id":"https:\/\/consalta.ba\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\/#primaryimage"},"thumbnailUrl":"https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/Chain-Supply.jpg","keywords":["cybersecurity regulation Bosnia","EU compliance","ISO 27001 implementation","ISO Standards Compliance","NIS2","NIS2 supply chain"],"articleSection":["Deep Dive","Implementation","Regulation"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/consalta.ba\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/consalta.ba\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\/","url":"https:\/\/consalta.ba\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\/","name":"ISO 27001 and DORA Compliance: How Closely Aligned Are They?","isPartOf":{"@id":"https:\/\/consalta.ba\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/consalta.ba\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\/#primaryimage"},"image":{"@id":"https:\/\/consalta.ba\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\/#primaryimage"},"thumbnailUrl":"https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/Chain-Supply.jpg","datePublished":"2026-01-12T08:40:00+00:00","dateModified":"2026-03-04T21:17:31+00:00","description":"Learn how ISO 27001 simplifies DORA compliance. Discover clear steps for bridging gaps and building operational resilience.","breadcrumb":{"@id":"https:\/\/consalta.ba\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/consalta.ba\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/consalta.ba\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\/#primaryimage","url":"https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/Chain-Supply.jpg","contentUrl":"https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/Chain-Supply.jpg","width":572,"height":777,"caption":"Supply Chain"},{"@type":"BreadcrumbList","@id":"https:\/\/consalta.ba\/how-nis2-affects-bosnian-companies-even-though-were-not-in-the-eu\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/consalta.ba\/en\/"},{"@type":"ListItem","position":2,"name":"Deep Dive","item":"https:\/\/consalta.ba\/en\/category\/how-to-implement-iso-27001-practical-guide\/"},{"@type":"ListItem","position":3,"name":"How NIS2 Affects Bosnian Companies \u2014 Even Though We&#8217;re Not in the EU"}]},{"@type":"WebSite","@id":"https:\/\/consalta.ba\/en\/#website","url":"https:\/\/consalta.ba\/en\/","name":"Consalta","description":"Get Certified!","publisher":{"@id":"https:\/\/consalta.ba\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/consalta.ba\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/consalta.ba\/en\/#organization","name":"Consalta","url":"https:\/\/consalta.ba\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/consalta.ba\/en\/#\/schema\/logo\/image\/","url":"https:\/\/consalta.ba\/wp-content\/uploads\/2024\/11\/Logo-getcert-2024_transpback_blue-black.png","contentUrl":"https:\/\/consalta.ba\/wp-content\/uploads\/2024\/11\/Logo-getcert-2024_transpback_blue-black.png","width":"617","height":"90","caption":"Consalta"},"image":{"@id":"https:\/\/consalta.ba\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/ba.linkedin.com\/company\/consalta-d.o.o."]},{"@type":"Person","@id":"https:\/\/consalta.ba\/en\/#\/schema\/person\/b8449ee47559258a18597f3b91629afc","name":"OJB","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/69c0cb70266add0c68274346f544f85223697fb0959d7a797c6a99b8e6babcba?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/69c0cb70266add0c68274346f544f85223697fb0959d7a797c6a99b8e6babcba?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/69c0cb70266add0c68274346f544f85223697fb0959d7a797c6a99b8e6babcba?s=96&d=mm&r=g","caption":"OJB"},"sameAs":["https:\/\/consalta.ba"],"url":"https:\/\/consalta.ba\/en\/author\/admin_8k999oh2\/"}]}},"rttpg_featured_image_url":{"full":["https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/Chain-Supply.jpg",572,777,false],"landscape":["https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/Chain-Supply.jpg",572,777,false],"portraits":["https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/Chain-Supply.jpg",572,777,false],"thumbnail":["https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/Chain-Supply-150x150.jpg",150,150,true],"medium":["https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/Chain-Supply-221x300.jpg",221,300,true],"large":["https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/Chain-Supply.jpg",572,777,false],"1536x1536":["https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/Chain-Supply.jpg",572,777,false],"2048x2048":["https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/Chain-Supply.jpg",572,777,false],"trp-custom-language-flag":["https:\/\/consalta.ba\/wp-content\/uploads\/2026\/03\/Chain-Supply-9x12.jpg",9,12,true]},"rttpg_author":{"display_name":"OJB","author_link":"https:\/\/consalta.ba\/en\/author\/admin_8k999oh2\/"},"rttpg_comment":2,"rttpg_category":"<a href=\"https:\/\/consalta.ba\/en\/category\/how-to-implement-iso-27001-practical-guide\/\" rel=\"category tag\">Deep Dive<\/a> <a href=\"https:\/\/consalta.ba\/en\/category\/implementation\/\" rel=\"category tag\">Implementation<\/a> <a href=\"https:\/\/consalta.ba\/en\/category\/regulation\/\" rel=\"category tag\">Regulation<\/a>","rttpg_excerpt":"NIS2 is an EU regulation \u2014 but if your Bosnian company works with EU clients, it already affects you. Find out why, and what you can do about it right now.","_links":{"self":[{"href":"https:\/\/consalta.ba\/en\/wp-json\/wp\/v2\/posts\/3117","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/consalta.ba\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/consalta.ba\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/consalta.ba\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/consalta.ba\/en\/wp-json\/wp\/v2\/comments?post=3117"}],"version-history":[{"count":11,"href":"https:\/\/consalta.ba\/en\/wp-json\/wp\/v2\/posts\/3117\/revisions"}],"predecessor-version":[{"id":3130,"href":"https:\/\/consalta.ba\/en\/wp-json\/wp\/v2\/posts\/3117\/revisions\/3130"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/consalta.ba\/en\/wp-json\/wp\/v2\/media\/3118"}],"wp:attachment":[{"href":"https:\/\/consalta.ba\/en\/wp-json\/wp\/v2\/media?parent=3117"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/consalta.ba\/en\/wp-json\/wp\/v2\/categories?post=3117"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/consalta.ba\/en\/wp-json\/wp\/v2\/tags?post=3117"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}