The EU NIS2/RCE regulations aim to protect critical infrastructure, including in the financial sector. Although these regulations have not yet been published in their final versions, Germany has been a first mover by already releasing its local implementation, called IT Security Law 2.0. This talk introduces the synergies and differences between NIS2/RCE and PCI DSS, using the German regulation as an example, and provides practical insights from assessments in financial environments where both applied.