NIS 2 Solutions

NIS 2 is the most stringent cybersecurity legislation in the European Union (EU).

The EU has introduced new cybersecurity legislation called the Network and Information Systems Security Directive 2 (NIS 2). This Directive represents a significant improvement on the existing NIS Directive, as it obliges EU member states to adopt and rigorously enforce stricter cybersecurity regulations.

Deadlines: By October 17, 2024, Member States must adopt and publish the measures necessary to comply with the NIS 2 Directive. They must implement these measures as of October 18, 2024.

Access the complete NIS 2 Directive.

NIS 2 applies to all organizations that play a crucial role in the EU economy and society by providing essential or important services. If an organization meets certain criteria, such as having more than 50 employees and a turnover of more than €10 million, it must comply with the directive.

Risk of personal liability of managers: ‘the management bodies of essential and important entities may be assisted in the event of non-compliance’ (Article 20).

Public and private entities in specific sectors: Postal and courier services, Waste management, Chemicals, Food, Healthcare manufacturing, IT and electronics, Machinery, Motor vehicles, Energy, Transport, Banking, Financial market infrastructures, Healthcare, Drinking water supply and distribution, Digital infrastructures, Online marketplaces, Online search engines, Cloud computing services.

Contact us to find out if your company is subject to the NIS 2 Directive.

Improve resilience against cybercrime.

The new NIS 2 Directive aims to improve the resilience and incident response capabilities of both the public and private sectors. The Directive focuses specifically on combating cybercrime and improving both European and national cybersecurity management.

NIS 2 was published in the EU Official Journal on December 27, 2022 and enters into force 20 days later. Member states have 21 months to transpose it into national law.

Yes, non-compliance with NIS 2 may result in sanctions for the management bodies of essential and important entities.

Possible sanctions include:

• Disclosure of aspects of non-compliance, identity of responsible person, etc.
• Suspension of certifications and authorizations.
• Temporary disqualification from management positions.

NIS 2 expands the scope of companies and organizations that must comply with it and updates EU cybersecurity requirements.

It establishes clear responsibilities for senior management, addresses breach notification and, for the first time, imposes personal liability on managers in the event of non-compliance. In short, NIS 2 improves and details cybersecurity guidelines compared to the NIS.