NIS2 DIRECTIVE
NIS2 is a European legal framework aimed at enhancing cybersecurity within organisations. It requires EU Member States to adopt laws that oblige companies to protect their information and infrastructure from cyber threats. This includes implementing security measures, identifying and addressing incidents, and fostering collaboration at both national and international levels. The NIS2 Directive is essential for strengthening digital security, making it crucial for companies to comply with the new legislation.
WHICH COMPANIES DOES THE NIS2 DIRECTIVE APPLY TO?
The NIS2 Directive applies to all economic entities that meet or exceed the threshold for medium-sized (€10 million revenue or 50 employees) and large (€50 million revenue or 249 employees) enterprises and that are providers of essential or important services, from any of the following sectors:
ESSENTIAL ENTITIES
- Energy
  - Electricity
  - Hydrogen
  - District heating & cooling
  - Oil
  - Gas
- Transportation
  - Air transport
  - Rail transport
  - Water transport
  - Road transport
- Banking
- Financial Market
- Health
- Drinking water
- Wastewater
- Digital Infrastructure
- Public Administration
- ICT service management (B2B)
- Space
IMPORTANT ENTITIES
- Post & Courier
- Waste Management
- Chemicals Production & Distribution
- Food production, processing and distribution
- Production
  - Medical devices
  - Computers
  - Electronic & optical products
  - Machinery and equipment n.e.c.
  - Electrical equipment
  - Motor vehicles, trailers & semi-trailers
  - Transportation equipment
- Digital Suppliers
- Research
NIS2 APPLIES TO ME. WHAT SHOULD I DO NEXT?
Every organisation affected by NIS2 should take the following steps. We can offer you a helping hand with a free personal consultation. Do not hesitate to contact us.
GAP ANALYSIS
Identify the differences between an organization’s current state of cyber security and the requirements imposed by the NIS2 Directive
RISK ANALYSIS
Identification and assessment of risks
BIA AND BCM IMPACT STUDIES
Business Impact Analysis and Business Continuity Management
RISK MANAGEMENT PLAN
Comprehensive security strategy with added value
IMPLEMENTATION OF MEASURES
Technical, personnel and organizational measures
MEASURES EFFECTIVENESS EVALUATION AND AUDIT
CONSEQUENCES OF NON-COMPLIANCE WITH THE DIRECTIVE / IMPOSED PENALTIES
ESSENTIAL ENTITIES
A maximum value of 10 million euros or 2% of the global annual turnover.
IMPORTANT ENTITIES
A maximum value of 7 million euros or 1.4% of the global annual turnover.
ASSISTANCE & SUPPORT
WHY NIS2 WITH DATANET?
- We guide you through the entire process of implementing security measures and ensuring compliance with applicable legislation.
- We provide you with a comprehensive view of security within your company.
- We can help you with any human resources gaps for specific security positions.
- With us, your data is reliably protected at the highest level in accordance with current legislation.
- Our team consists of cybersecurity professionals with numerous security certifications.
- Partnerships concluded with cybersecurity auditors, authorized by the National Cybersecurity Directorate.
- We offer a wide range of security solutions backed by years of experience.
- Thanks to our multinational presence, we are able to meet a wide range of different requirements and adapt to the local context.
CONSULTING & DEDICATED EXPERTISE
FAQs about NIS2 or what you need to know about the Directive
What is the NIS2 Directive?
The NIS2 Directive (Network and Information Systems Directive 2) is updated EU legislation that replaces the original NIS Directive. Its goal is to raise the level of cybersecurity across EU member states and improve the protection of the infrastructure of essential and important enterprises.
Who does the NIS2 Directive apply to?
NIS2 expands the scope of the original NIS directive. It now covers a wider range of sectors, including health, energy, transport, waste and water management, financial and digital services such as cloud providers, and online marketplaces. In the manufacturing sector, the NIS2 Directive affects manufacturers of medical devices, machinery, electronic equipment, motor vehicles, and other transport means.
What measures should organizations take under NIS2?
Organizations should, for example:
- Identify and record security incidents.
- Develop incident response procedures and recovery plans.
- Conduct a comprehensive risk analysis.
- Implement an adequate set of security measures.
- Appoint a cybersecurity officer and a person responsible for receiving and recording reports.
- Provide regular training for staff on cyber security.
Leave the implementation to the experts. Contact Datanet!
What will be the penalties for non-compliance?
Failure to comply with the requirements can lead to significant financial penalties. For critical service operators, fines can reach up to €10 million or 2% of net global annual turnover, whichever is higher. For essential service operators, the fine can go up to €7 million or 1.4% of turnover. The supervisory authority has the option to impose repeated fines up to double the stated limits (up to a maximum of 20 million EUR). For critical service providers, penalties can also include a ban on holding statutory positions.
When will the new obligations come into effect?
The planned effective date is January 1, 2025. The newly obligated organisations will have 12 months to comply with all the requirements.
How will NIS2 affect small and medium-sized businesses (SMBs)?
NIS2 focuses mainly on larger organizations and those that provide key services. However, some SMEs that are critical to specific sectors or supply chains may also be required to comply with this Directive.
GET YOUR FREE CONSULTATION
Not sure where to start? Leave us your contact details and one of our experts will get in touch to help identify the steps your company should take and how we can help.
ARTICLES
NIS2 Directive Approaches the Finish Line: What Steps Are Needed for Compliance?
Scheduled to become law across all European Union member states this fall, the NIS 2 Directive imposes stringent cybersecurity obligations on a wide spectrum of medium to large enterprises and other entities identified as significant by regulatory authorities ….