17th October 2024 marks the deadline, are you prepared?
In a world increasingly reliant on digital infrastructure, cybersecurity is an ever-larger concern at all levels of society. The new NIS2 directive is an updated version of the EU’s first cybersecurity directive, the NIS (Network and Information Security) directive from 2016, that takes into account the more advanced nature of cybercrime today. NIS2 entered into force in 2023 and will become binding law for all member states from October 2024, meaning if relevant EU entities don’t ensure compliance by then, they will face penalties – read on to find out if the directive applies to your organisation and what steps you should be taking to make sure you meet NIS2 requirements.
Find out what NIS2 means for your organization!
Book a Call
Who does the NIS2 directive concern?
The main thing that has changed since NIS came into effect is that cybercrime has become a more acute issue in national security, threatening critical national infrastructure. Because of this, it is important for EU entities in various sectors of society to maintain and increase cybersecurity. The new NIS2 regulation applies to medium and large-sized companies in 18sectors, an increase from the previous 8. Entities are newly divided into “essential” and “important” ones, with stricter rules applying to the essential entities.
While the original NIS directive primarily focused on sectors such as energy, transport, banking, and healthcare, NIS2 extends its reach to include additional sectors like postal & courier, chemicals, food and Information Communication Service Management. See Annex I and II of the directive for a comprehensive list of the types of essential and important entities or find a summary of it here.
What does NIS2 compliance entail?
If you’ve determined that your organisation falls under the jurisdiction of NIS2, the next steps largely involve implementation of an information security management system including risk management, supply chain security and incident reporting.
First, the current cybersecurity situation of your systems must be assessed – you may want an IT security audit from Rheintec to help with that. We offer compliance audits and cybersecurity checks to let you know where your entity’s current strengths and weaknesses lie and what your next steps should be.
Specific measures for NIS2 implementation in your organisation will depend on various factors. One requirement of the directive is continuous risk management, which may include establishing basic cyber hygiene practices and network & IT system security, among others. A major focus of NIS2 is on maintaining supply chain security, meaning the supply chain must also be evaluated to find any third-party supplier vulnerabilities that might impact your business continuity.Furthermore, cybersecurity incident reporting will become more strictly regulated.
Incidents must be reported to the national Computer Security Incident Response Team (CSIRT) – an initial report within 24 hours and a more detailed one within 72 hours. This means escalation, investigation and decision-making processes in your organisation must be well organised in order to adhere to the reporting timeline and to ensure you take appropriate actions.
How are the new rules enforced?
Supervision and enforcement are important aspects of the NIS2 directive. Competent authorities may supervise relevant entities through regular and targeted audits, on-site and off-site checks, and requests for information and access to documents or evidence. These are some of the most significant control and enforcement mechanisms.
Furthermore, sanctions are established for entities failing to meet NIS2 requirements, including specific binding instructions and orders to comply with requirements as well as significant administrative fines or even withdrawal of the operating license. These measures are all established to ensure that important and essential entities are maintaining a sufficient level of cybersecurity and that critical national infrastructure is not being put at risk.
NIS2 also encourages increased cooperation between EU member states. The directive requires the establishment of CSIRTs at both national and EU levels to facilitate information sharing, incident response and coordination of cybersecurity efforts. By developing collaboration across borders, NIS2 aims to improve the EU's collective ability to detect, respond to and mitigate cyber threats effectively.
Potential penalties & fines if you don’t comply to NIS2 requirements
Understand the potential fines and penalties that organizations face if they fail to comply with the NIS2 Directive.
How can Rheintec help?
We can help you assess your organisation’s current cybersecurity level and compliance status through an IT security audit, which will provide you a clear overview on potential gaps & vulnerabilities. Based on the initial assessment a tangible action plan can be established in collaboration with Rheintec to meet NIS2 requirements Via our secure by design architecture and associated engineering expertise, we enable your organization to transform the IT infrastructure to reach best in class security.
Additionally we offer consultation and support to establish or further develop your information security management system to ensure your organisation’s cybersecurity resilience and compliance.
Since general cyber hygiene as well as associated training and awareness of your employees is an integral part of any information security management system and specific requirement of NIS2 we provide cybersecurity training & awareness programs to educate your staff and enhance their ability to identify and respond to cyber threats effectively.
Our services and solutions are tailored to your organization and specific needs to establish a robust security framework.
In an increasingly interconnected and digitised world, cybersecurity is essential to safeguarding the stability, security and prosperity of Europe. By expanding the scope of its cybersecurity framework, promoting cooperation and coordination among member states and fostering innovation and resilience, NIS2 lays the foundation for a more secure and resilient digital future for Europe and is a testament to the EU’s commitment to safeguarding Europe's digital frontier.
Are You Ready for NIS2?
Ensure your company's NIS2 compliance and protect against cyber threats—schedule a free consultation with our experts today.