Updated: Oct 17
EU member states have until October 2024 to implement the new Network and Information Security Directive, NIS2. This directive brings a number of important changes in cybersecurity. For example, the enforcement requirements will be strengthened and sanctions will be applied throughout the EU against companies and organizations that do not comply with NIS2.
What is new is that NIS2 covers companies and organizations in new sectors, which must now take appropriate measures in areas such as cyber risk management, penetration testing and incident management. Those who do not comply with NIS2 face extensive financial penalties based on the company's global turnover.
Who is covered by the NIS2 Directive?
Companies or organisations employing more than 49 people
Companies or organisations with an annual turnover or balance sheet total exceeding EUR 10 million
The NIS2 Directive expands cybersecurity requirements
The NIS2 Directive concerns the policies, processes and strategies of companies and authorities regarding cyber and information security and acts as a binding law. The directive expands the requirements for cybersecurity and aims to improve the efficiency of the level of security between member states. Companies and organizations will need to handle cyber risk management, control and monitoring, and incident response.
NIS2 affects more companies and societal functions
The EU wants all organisations that fulfil important societal functions to be covered by NIS2. This means that NIS2 also applies to sectors such as food production, waste management and other parts of the supply chain. The focus of the NIS2 Directive is on cyber incidents that can pose a risk to organisations, including incidents that can damage or hinder societal functions. The scope therefore goes far beyond traditional critical infrastructure organizations.
For example, in the energy sector, the scope of NIS was limited to companies producing and supplying electricity and natural gas. With NIS2, we expect the supply chain, such as wind turbine manufacturers and electric vehicle charging station operators, to be included. Knowing about these changes in cybersecurity lets you plan your security strategy carefully.
Want to know more about how you can optimize the security of your business against cyber threats? Get in touch with us at Gridheart here and we will help you with everything you need.