Is Your Organization Ready for JMD 1689/2025?
The cybersecurity landscape in Europe is rapidly evolving. With the NIS2 Directive now formally adopted across the EU, businesses in Greece are facing new, far-reaching obligations under Joint Ministerial Decision (JMD) 1689/2025. This ministerial decision, enacted under Law 5160/2024 which transposes NIS2 into the Greek Law, marks a significant shift in how both public and private sector organizations must manage cybersecurity risk, incident response, and accountability.
To help organizations navigate this directive, ADACOM has released a new playbook: "ADACOM NIS2 Playbook: From Legislation to Resilience" This practical guide breaks down the law, outlines what’s expected, and provides actionable advice for compliance, going beyond checklists to help you embed cybersecurity into the fabric of your organization.
Why JMD 1689/2025 Matters Now
The JMD 1689/2025 is the national legal mechanism that details how Greek businesses that fall under the requirements of NIS2 Directive should ensure compliance. NIS2 extends cybersecurity obligations to a broader range of sectors, now covering 18 critical and important service areas, including energy, healthcare, finance, and digital infrastructure.
Unlike earlier frameworks, NIS2 (and therefore, JMD 1689/2025) introduces a governance-centric approach that places executive accountability at the core. Under the new law, senior management is no longer a bystander. It must oversee cybersecurity strategies, allocate resources, and ensure that risk management processes are actively implemented and continuously improved.
Compliance Is About More Than Just Checking Boxes
Meeting the minimum legal obligations, such as appointing an Information and Communication Systems Security Officer (ICSSO), developing cybersecurity policies, or reporting incidents within 24 hours, is essential. But true resilience comes from going beyond what’s required on paper.
As the playbook outlines, one of the most critical shifts is understanding that cybersecurity is no longer the exclusive domain of IT. Leadership involvement, a well-defined governance framework, continuous monitoring, and employee training are all essential to long-term protection and regulatory readiness.
Common Pitfalls - and How to Avoid Them
Many organizations fall into the trap of treating compliance as a static goal. But cybersecurity is a moving target. According to the playbook, there are several shortfalls within the current regulatory framework - including insufficient guidance on separating IT operations from security oversight, and the potential for underutilized ICSSO roles.
Organizations that appoint ICSSOs but fail to empower them with authority, resources, and strategic direction risk non-compliance and exposure to cyber threats. The ICSSO must be more than a name on an org chart - they must be the engine of your cybersecurity program, performing regular risk assessments, leading incident response efforts, and coordinating with both technical and executive teams.
How ADACOM Helps You Go Beyond Compliance
ADACOM plays a key role in helping Greek organizations meet - and exceed - JMD 1689/2025 requirements. The playbook explores how ADACOM’s services are aligned with the law’s core pillars:
- Governance & Consulting: From defining the ICSSO role to building a comprehensive cybersecurity policy, ADACOM helps structure your internal governance for compliance and resilience.
- Managed Security Services: Their SOC offers real-time threat detection, incident response, and AI-powered insights to keep your organization protected 24/7.
- Incident Response & Assurance: Be prepared to respond to threats with tabletop exercises, penetration testing, and audit support.
- Trust Services & PKI: Ensure secure communications and authentication with digital certificates and eIDAS-compliant solutions.
- Training & Awareness Programs: Equip both executives and employees with the knowledge needed to fulfill their roles in cybersecurity.
Take the First Step Toward Resilience
Whether you’re just starting your compliance journey or reevaluating your current posture, this playbook is a must-read for any organization operating under Greece’s NIS2 transposition law.
Download your copy of “ADACOM NIS2 Playbook: From Legislation to Resilience” and discover how to transform compliance from a burden into a business enabler.
Download the playbook here: Playbook