A Mexican water utility disclosed eleven days of read-only access enabled by LLM-assisted reconnaissance. European sectoral SOCs face the same threat class within months. Behavioral baselines tuned to manual probing no longer detect the new tempo.
Q1 2026 NIS2 Article 21 audits across nine EU member states surfaced three implementation patterns: supply-chain flow-down versus technical validation, encryption-at-rest scope, and governance documentation depth. The divergences will narrow with ENISA Q4 guidance.