Who we are What we do
Insights / Articles
NIS2
Feb 13, 2026
1 min read
Articles

Bulgaria Adopts NIS2: Key Changes for the Business

Bulgaria updates its Cybersecurity Act with NIS2, bringing stricter obligations and new reporting rules for businesses.

Bulgaria has adopted significant amendments to the Cybersecurity Act*, including the EU’s second Network and Information Security (NIS2) Directive into the national legal framework. 

The adoption of these legislative changes aims to establish safeguards and create opportunities for stronger cyber resilience. It introduces effective measures to resist cyberattacks, with specific attention to major economic actors and public authorities.  

What are the key changes, and what can Telelink Business Services do for you in accordance with them? 

 Key Changes  

What is the scope of the new legal changes? Here is a simplified shortlist you need to acknowledge: 

  • Extended personal scope of application. 
  • Personal liability for senior management for securing cyber resilience. 
  • Incident reporting that requires an early warning after becoming aware of a significant incident. 
  • Transparency across supply chains. 
  • Audit-ready security operations. 

What can Telelink Business Services do? 

How can Telelink Business Services help you navigate your organization through the new law changes? We provide professional and tailored: 

  • Analyses and evaluation of existing procedures 
  • Gap analyses 
  • Strategy plan 
  • Audits and inspections  
  • NIS 2 Cybersecurity Awareness Trainings  

Every organization has its own structure and procedures, which is the reason why the way to comply with NIS2 must be tailored accordingly. A sustainable approach starts with a comprehensive evaluation of its current state, followed by selecting the right strategy plan to implement appropriate policies and technologies.  

Conclusion 

With the new NIS2 amendments, Bulgaria moves decisively from delayed alignment toward active legal enforcement. The coming months will reveal which organizations are prepared to demonstrate control, resilience, and accountability. With the right approach and instruments, this transition can be made functional and long-term effective.  

*The Act introduces into the Bulgarian legislation the requirements of Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (“NIS 2 Directive”). 

About the author
Елена Машева

Read More

Articles

Kubernetes — The Orchestrator!

28 min read Read more
Articles

What is DevOps?

13 min read Read more
Articles

The Cloud — what is it? Cloud services and platforms

12 min read Read more