National Cybersecurity Requirements Framework (S3): a New Era for Security in the Digital World

What every business needs to know in 2025 – Full guide by EMD Infotech

What is S3 and why is it relevant to every modern business?

In 2025, cybersecurity enters a new era with the implementation of the National Cybersecurity Requirements Framework (S3), which is the key tool for the implementation of the European NIS2 Directive (Directive 2022/2555/EU).S3 sets out specific obligations and measures for organisations that are considered “key” and “important entities” and operate in critical sectors of the Greek economy and society.

The new Greek legislation (Law 5160/2024 and relevant ministerial decisions of May 2025) is directly binding and affects public, but mainly PRIVATE businesses operating in:

• Telecommunications

• Energy

• Health

• Transport

• Information technologies

• Financial services

• Food

• Water management

• Critical industrial infrastructure

• Plenty of other sectors, including the hotel and tourism business

What changes with S3 and the new legislation?

It is now required:

• Holistic risk management: Policies, procedures and measures based on international standards (ISO, NIST, etc.), with documentation of all actions.

• Explicit management responsibility: top management bodies (Board, CEO, etc.) are now personally responsible for implementation and accountability.

• Continuous risk assessment and management: regular review of threats, measures and incident response plans.

• Safety policies & procedures: Mandatory existence and regular updating of policies for access, account management, encryption, encryption, backups, physical and environmental security, vendor partnerships, software development, etc.

• Designation of a Safety Officer (SHO): a mandatory role in every entity reporting directly to management.

• Independent checks and tests: Annual internal/external audits and penetration testing.

• Continuous staff training: Awareness and technical training programmes for all staff.

• Incident management and notification: Recording, analysis and mandatory reporting of cybersecurity incidents to competent authorities.

More specifically for Hotels & Tourism Businesses

Very often hotel businesses handle critical customer data, online booking processes, payment systems, and smart hospitality technologies (smart rooms, self check-in, etc.). Compliance with S3 is legally mandatory and will now be audited on a regular basis.

Who is at risk if they do not comply?

• Fines and legal sanctions

• Loss of partnerships/contracts

• Damage to reputation

• Real operational risk (downtime, data loss)

How can EMD Infotech help?

EMD Infotech provides a complete package of cybersecurity compliance and management services, which includes:

• Initial Audit – gap analysis: investigation of the current situation and weaknesses of your business in relation to S3/NIS2 requirements.

• Preparation and updating of security policies: We prepare tailor-made policies and procedures (for access, asset management, incidents, encryption, backups, supply chain, etc.).

• Technical implementation of measures: we install and configure endpoint protection systems, firewalls, MFA, data encryption, etc.

• Staff and management training: seminars and online workshops, tailored to the role of each team.

• Conduct penetration tests and vulnerability assessments: annual or ad hoc audits, with full reporting and suggestions for improvement.

• DPO/CISO-as-a-Service: permanent or on-demand consultancy to maintain compliance.

• Incident management and reporting support: immediate response to incidents and guidance on mandatory incident notification.

The next steps for each business:

1. Contact EMD Infotech directly for a first update and free compliance assessment.

2. Start with a complete inventory of your assets, systems and processes.

3. Train and raise awareness among your staff.

4. Adopt international cybersecurity standards and practices.

5. Keep active engagement with experts as the threat landscape is constantly changing.

EMD Infotech is here to ensure that your business is shielded, compliant and ready for the digital future.

For any questions or support requests, please contact our team.

For contact click here

More Information