Cognitive Load and Compliance: A Human-Centric Framework for NIS2 in Latvian SMEs

Open Access
Article
Conference Proceedings
Authors: Imants Breidaks, Henrijs Kalkis, Anton Semenov
Abstract

The transposition of the EU NIS2 Directive into Latvia’s National Cybersecurity Law (NKDL) significantly expands the scope of regulation: from ~1,000 to ~8,000 organizations, many of them SMEs without dedicated security teams. The aim of this paper is to develop a human-centric compliance framework for Latvian SMEs that operationalizes selected NIS2/NKDL cybersecurity requirements through a cognitive-load perspective. This paper frames NIS2 compliance as a cognitive ergonomics problem and develops a low-friction “NIS2 Compliance Starter Pack” that reduces response cost while preserving auditable evidence. Using a socio-technical synthesis, NKDL obligations are mapped to pragmatic controls and to workload indicators derived from the NASA Task Load Index (NASA-TLX). The developed framework prioritizes secure-by-default interventions, such as default multi-factor authentication, automated security nudges, and microlearning, over high-intensity training that often produces fatigue and workarounds. Sustainable cyber resilience is treated as an engineered property of the work system rather than a checklist outcome.

Keywords: NIS2 Directive, Human Factors, Cognitive Load, SMEs, Cybersecurity, NASA-TLX

DOI: 10.54941/ahfe1007408


Volume: Human Factors in Cybersecurity