Phishing attacks. Ransomware. Data breaches. Spoofing. Human errors resulting in exposure.
The NIS2 Directive is both a response to this threat landscape and a recognition that it demands stronger rules.
But what is the NIS2 Directive all about? And how do you prepare for it – in time?
We’ll tell you the answers here.
NIS is short for Network and Information Security.
It’s an EU directive that defines a set of rules aimed at raising the overall level of cybersecurity in the EU – especially to protect critical infrastructure – and at harmonising those rules across member states.
The first NIS Directive, adopted in 2016, marked a significant milestone as the first EU-wide legislation dedicated to cybersecurity.
Several years down the line, the digital landscape has seen a sharp rise in threats, largely due to rapid digitalisation and a notable surge in cyberattacks.
This led to the development and adoption of the NIS2 Directive (Directive (EU) 2022/2555) in December 2022.
As a successor to the original NIS Directive, NIS2 seeks to address these emerging challenges by expanding its scope to cover a broader range of sectors.
As an example, this means that an EU country like Germany would go from roughly 1,800 organisations covered by NIS1 to around 29,000 organisations covered by NIS2.
It also introduces stricter compliance requirements and more detailed cybersecurity risk-management obligations. The goal is a more resilient and secure digital infrastructure across the EU.
Every EU member state must transpose the NIS2 Directive into national law by October 17, 2024, and apply the resulting rules from October 18, 2024.
This also means that we all need to wait for a complete and final clarification of what each national law will require from covered entities: whether requirements will differ between sectors, whether municipalities will be covered, and so forth.
However, we already know the minimum requirements that come with the NIS2 Directive itself. We recommend you start with these as soon as possible, so that you are as prepared as possible and don’t have to start from scratch when the implementation deadline gets close.
At a minimum, you have to comply with the 10 cybersecurity risk-management measures listed in Article 21 of the Directive to ensure an adequate level of security:
Members of your management body must follow cybersecurity training, and you should also offer similar training to your employees on an ongoing basis.
This is to ensure that they gain the knowledge and skills needed to identify risks, and to assess cybersecurity risk-management practices and their impact on the services your company offers.
NIS2 takes a multi-step approach to incident notification. This balances rapid initial reporting, which helps contain an incident and limit its spread to other entities, against more in-depth follow-up reporting from which valuable lessons can be learned.
Covered entities have:
Since the ‘compliance countdown’ has begun, there is neither reason nor time to start from scratch.
We therefore recommend that you start with the minimum requirements now. If you’d like to go more in-depth on NIS2 and how to prepare for its requirements in time, you’re welcome to download our NIS guide here.