NIS2 stands for "Network and Information Systems Directive 2" and is a European standard aimed at improving cybersecurity across EU countries.
It is targeted towards companies and organizations that provide digital services as well as critical infrastructure, and which can have a significant impact on the functioning and security of society. This includes sectors such as energy, transportation, healthcare, finance, and water, as well as digital service providers such as cloud services and online marketplaces.
NIS2 requires these companies and organizations to implement a high level of cybersecurity, which includes identifying and managing cybersecurity risks, ensuring continuous operation, and reporting security breaches within 24 hours.
The consequences of non-compliance with NIS2 can include fines and sanctions, as well as loss of reputation and customers. Additionally, companies and organizations may be required to disclose security breaches, which can further damage their reputation and finances.
To comply with NIS2, companies and organizations need to assess their cybersecurity risks and implement appropriate measures to protect their networks and information systems. They should also ensure continuous monitoring of their systems and provide cybersecurity training to their personnel.
Read about how the NIS2 Standard is implemented HERE
The standard primarily targets "essential" and "important" entities in critical sectors. These sectors are:
Other critical sectors
And manafacture of medical devices and in vitro diagnostic medical devices. Also enteties, who carries out any of the economic activities referred to in section C division 26-30 of NACE Rev. 2
