What is NIS-2?
NIS-2 represents the second stage of the EU Cybersecurity Directive and brings your organization up to date. Find out how this directive modernizes the existing legal framework and what impact it will have on cybersecurity in the EU.
The NIS-2 Directivewhich came into force in 2023, represents a significant development in EU cybersecurity legislation. But what is NIS-2 and why is it important?
NIS-2 background
Learn how the NIS 2 Directive, which came into force in 2023, has revolutionized the EU's cybersecurity landscape. Dive into the world of networks and information systems (NIS) and understand how this directive modernizes the existing legal framework to meet the challenges of increasing digitalization and evolving threat landscape.
Objective and mode of operation
Discover the fundamental objectives of NIS-2, from preparing Member States to promoting cooperation through the establishment of cooperation groups. Learn how the directive establishes a culture of security in key sectors and strengthens resilience to cyber threats.
Application to companies
Which companies must comply with the NIS 2 Directive? We highlight the criteria that must be met by operators of critical services and digital service providers. From classification to security requirements - find out how your company could be affected.
Our comprehensive guide will give you all the information you need to know about NIS-2 to strengthen your company's cyber security.
How does NIS-2 work?
The NIS-2 Directive (Directive on measures for a high common level of cybersecurity across the Union) is designed to strengthen cybersecurity in the European Union and adapt the existing legal framework to the challenges of increasing digitalization. Here is an overview of how NIS-2 works:
- Preparation of the Member States:
NIS-2 requires Member States to be adequately equipped. This includes the establishment of a Computer Security Incident Response Team (CSIRT) and a competent national authority for network and information systems (NIS). - Cooperation between Member States:
A Cooperation Group is established to support and facilitate strategic cooperation and information sharing between Member States. The cooperation extends across different levels in order to respond effectively to cyber threats. - Culture of safety in key sectors:
The directive promotes a culture of security in sectors that are crucial to the economy and society and are heavily dependent on information and communication technologies (ICT). These include energy, transport, water, banking, financial market infrastructures, healthcare and digital infrastructure. - Obligations for companies:
Companies that are classified as operators of essential services must take appropriate security measures and inform the competent national authorities of serious incidents. This also applies to important providers of digital services such as search engines, cloud computing services and online marketplaces, which must comply with security and notification requirements.
NIS-2 aims to increase the overall levels of cyber security in the EU by targeting preventive measures, response capabilities and cooperation between Member States. Companies and public authorities must actively implement the directive to protect digital infrastructure from cyber threats.
Who needs to have NIS-2?
Find out whether your company is considered a critical service operator or digital service provider. Which criteria play a role? From the Industries to social significance - we help you to understand whether NIS-2 applies to your company.
The NIS 2 Directive covers several key industries that are critical to European cybersecurity. The sectors affected include:
- Energy: Companies in the energy sector, including electricity and gas suppliers, fall under the scope of the NIS 2 Directive.
- Transportation: These include transport companies that offer road, rail, air and sea transportation services.
- Water: Operators of water services that are responsible for water supply and wastewater disposal are also affected.
- Banks and financial market infrastructures: Financial institutions, banks and companies that are part of the financial market infrastructure must comply with the NIS 2 Directive.
- Healthcare: This includes healthcare organizations that use digital systems for patient care and administration.
- Digital infrastructure: Companies that provide digital services and infrastructures, such as cloud computing services, online marketplaces and search engines, are also affected.
The NIS 2 Directive aims to achieve this, Cybersecurity measures in these key sectors to improve resilience to cyber threats. It is important that companies in these sectors understand the requirements of the directive and take appropriate security precautions.
