NIS2 is the EU’s latest cybersecurity directive.
Find out how it impacts businesses across key sectors and get insights on compliance, management responsibilities, and practical steps to prepare your company for the upcoming changes in 2024.
What is the NIS2 directive all about?
Think of NIS2 as an upgrade to the EU’s cybersecurity rules. It builds on what was started with NIS1 back in 2016. NIS2 aims to take things up a notch, pushing for greater security and collaboration across all EU countries.
What is the aim behind the new directive?
The main aim of NIS2 is to improve cyber resilience and guarantee consistent protection for networks and information systems by standardising cybersecurity measures across the EU.
NIS2’s primary goals are to:
- Enhance the resilience of critical infrastructure.
- Improve incident response capabilities.
- Promote stronger cooperation among member states.
When does NIS2 go into effect?
EU member states must adopt NIS2 into national law by October 2024. Companies covered by NIS2 must enhance their cybersecurity capabilities to comply by the same deadline.
Wondering if your business is impacted by NIS2?
NIS2 is going to have an impact on a wide range of businesses, specifically those in eighteen key sectors. Although it mainly targets large and medium companies, in some specific cases, it also applies to certain small and micro businesses. Whether you are running a large operation or a smaller outfit in one of these critical areas, this new regulation is something you will need to get on board with.
What is the difference between “essential” and “important” sectors?
Both “essential” and “important” sectors are considered crucial for the survival of the European economy, with essential industries receiving a higher criticality rating. If your business falls into any of these categories, it’s crucial to ensure you’re in line with the new directive.
Essential Sectors include transport, banking, finance, drinking water supply, health, energy, digital infrastructure (data centres), public administration, space and wastewater.
Important Sectors include digital providers, postal services, manufacturing, waste management, food, chemicals, and research.
How Does NIS2 Differ from NIS1?
The new directive NIS2 sets stricter security measures and reporting obligations. NIS2, which was first submitted by the EU Commission in 2020, expands the scope of the original NIS1 Directive by including more industries and entities.
- NIS1 originally covered seven essential sectors: energy, transport, banking, finance, healthcare, drinking water supply, and digital infrastructure (data centres).
- NIS2 expanded to include four new essential sectors: space, public administration, ICT service management (business-to-business), and wastewater.
- NIS2 expanded to include seven new important sectors: digital providers, postal services, manufacturing, waste management, food, chemicals, and research.
It also introduces more rigorous supervisory measures and penalties for non-compliance to ensure adherence to the directive.
As a manager or business owner, NIS2 brings new responsibilities your way. The directive emphasises that leaders are personally liable if their companies don’t meet the required cybersecurity standards.
Why Should You Care About NIS2?
To align with NIS2, you will likely need to take a good look at your current cybersecurity setup and make some updates. This could mean rolling out more advanced security measures, training your team to be more aware of cyber risks, and ensuring that everyone understands the importance of these new requirements.
What happens if you don’t comply with NIS2?
Failure to comply with NIS2 can result in significant financial and legal repercussions. Businesses may face substantial fines and legal actions, potentially damaging their reputation and leading to operational disruptions.
Need assistance assessing your business’s NIS2 compliance?
Let’s sit down and talk about what NIS2 means for your business. Whether it’s a quick check-up or a complete overhaul of your cybersecurity practices, we are here to help you get compliant and stay secure. Reach out, and we will take it from there.
Request our IT audit today and take the first step towards a more resilient IT infrastructure. You can schedule your audit right away by calling us at +43 1 22 66 22 66 or send us a message with your request.
Additional Resources:
For further reading, look at the following documentation on NIS2 and cybersecurity guidelines.
- nis.gv.at: Die neue NIS-2-Richtlinie (The new NIS 2 Directive)
- WKO: Cybersicherheits-Richtlinie NIS 2 (Cybersecurity Directive NIS 2)
- European Commission: Implementation of the NIS Directive in Austria