Annex I — Essential Entities · Transport

🚂NIS2 for Rail Transport — deadlines, obligations, fines

Rail Transport fall under NIS2 (Directive (EU) 2022/2555 + Romanian Emergency Ordinance 155/2024). See Art.21 obligations, deadlines, max fines and compliance roadmap for Annex I.

📋 Key obligations

▸ ERTMS + CCTV + signalling cybersecurity
▸ SOC pentru CFR + private operators
▸ Plan continuitate pentru disruption pe rute
▸ Audit anual sistem semnalizare
▸ Securizarea sistemelor de booking + plată

⚠️ Typical threats

• Atac pe ERTMS / semnalizare
• Ransomware pe ticketing online
• Insider threats operatori

💰 Maximum fines

Max 10 mil. EUR sau 2% cifra afaceri

📊 Romania compliance status

CFR Călători + CFR Marfă în early stage. Privații (TIS, GFR) mai avansați.

🛡️ How CAI Technology helps

AEGIS — Observability + SecOps with AI

Unified SIEM for on-premise DCs: logs + metrics + threat detection + AI incident analysis.

ARTEMIS — AI Pentest · Hunt · Reveal · Strike

Autonomous pentest platform with 5 AI agents and 6 audit types. From 2€ per scan, no subscription.

Lexnomia — EU Compliance Audit Platform

Self-serve compliance audit across 7+ EU regulations: GDPR, NIS2, DORA, EU AI Act, ISO 27001, CRA, DSA.

Are you in the rail transport sector?

Free NIS2 audit for companies with 50+ employees. We reply within 24 business hours.

Request audit →