What is the NIS2 Directive?

NIS2 stands for "Network and Information Systems Directive 2" and is a European standard aimed at improving cybersecurity across EU countries.

It targets companies and organizations that provide digital services or critical infrastructure and that can have a significant impact on the functioning and security of society. This includes sectors such as energy, transportation, healthcare, finance, and water, as well as digital service providers such as cloud services and online marketplaces.

NIS2 requires these companies and organizations to implement a high level of cybersecurity, which includes identifying and managing cybersecurity risks, ensuring continuous operation, and reporting security breaches within 24 hours.

Compliance with NIS2

The consequences of non-compliance with NIS2 can include fines and sanctions, as well as loss of reputation and customers. Additionally, companies and organizations may be required to disclose security breaches, which can further damage their reputation and finances.

  • Significant entities can be fined a minimum of €10,100,000 or 2% of their global annual turnover.
  • Major entities can be fined a minimum of €7,000,000 or 1.4% of their global annual turnover. 

To comply with NIS2, companies and organizations need to assess their cybersecurity risks and implement appropriate measures to protect their networks and information systems. They should also ensure continuous monitoring of their systems and provide cybersecurity training to their personnel.


Who must comply with NIS2?

The standard primarily targets "essential" and "important" entities in critical sectors. These sectors are:

  • Energy
  • Transport
  • Banking and Financial market infrastructures 
  • Health
  • Drinking and waste water
  • Digital infrastructure and ICT service management (B2B)
  • Public administration
  • Space

Other critical sectors

  • Postal and courier services 
  • Waste management 
  • Production, processing and distribution of food

Also covered are the manufacture of medical devices and in vitro diagnostic medical devices, and entities that carry out any of the economic activities referred to in section C, divisions 26-30 of NACE Rev. 2.

Benefits of the NIS2 Standard

By strengthening cybersecurity and complying with NIS2, companies minimize the risk of cyber attacks and promote smooth trade in the EU.

Compliance improves incident management, risk management and IT resilience, while strengthening cooperation on cybersecurity and protecting against potential sanctions. It can also improve the company's reputation.