The introduction of the NIS2 Directive will create greater liability risks for directors and officers, and increase their risk profile for insurers. The Directive introduces stricter and more detailed technical and organisational cybersecurity requirements for companies in Germany. Although most businesses still do not fall directly within the scope of the Directive, the ongoing trend towards tighter regulation will significantly impact non-binding security standards and any contractually owed standards of care. Importantly for those in scope, the Directive introduces accountability on the part of directors and other senior managers for ensuring compliance. This takes the form of monetary and other sanctions, which may create additional risks for D&O insurers through coverage issues such as regulatory defence costs and possible financial penalties (to the extent that these may be insured). Although the obligations introduced by NIS2 are not new, having already been part of many risk management duties, especially for companies heavily reliant on data processing and digital operations, insurers may seek to ensure that their policyholders are familiar with any obligations.




