Strengthening cybersecurity through the EU's NIS2 Directive

The cybersecurity landscape is constantly evolving, and cyberattacks are growing in number, scale and sophistication.

 

Even though businesses increase their security budgets and try to adopt more advanced defence mechanisms, keeping up with these threats will continue to be a challenge in the upcoming years.

 

To respond to the growing threats that come with increased digitalisation and cyberattacks, the European Union has recently passed the Network and Information Systems (NIS) 2 Directive.

 


What is the NIS2 Directive about?

 

The new EU Directive, NIS2, imposes stricter legal requirements for cybersecurity in Europe with the goal of:

 

  • Strengthening cyber-resilience of a comprehensive set of businesses operating in the EU across all relevant sectors,
  • Achieving a managed security posture maturity,
  • Addressing the security of supply chains,
  • Streamlining reporting obligations,
  • Introducing stricter supervisory security measures,
  • And achieving deep-rooted cyber resilience in Europe.

The NIS2 Directive brings legal requirements for cybersecurity risk management measures and reporting obligations.

 

It’ll help around 160,000 entities tighten their grip on security and make Europe a safe place to live and work. It will also enable information sharing with the private sector and partners around the world.

How does the NIS2 Directive boost the overall level of cybersecurity in the EU?

 

The NIS2 Directive provides legal measures to increase cybersecurity in the EU by:

 

  • Building on the NIS1 strategy on the security of network and information systems to ensure Member States are appropriately equipped and prepared,

  • Establishing cooperation and information exchange among all the Member States by setting up the Network and Information Systems Cooperation Group,

  • Creating a culture of security across 7 sectors vital for the economy and society that also rely heavily on ICTs, such as energy, transport, water, banking, financial market infrastructures, healthcare and digital infrastructure. 

What is different compared to the NIS Directive?

 

  • Compared to the previous regulatory framework, the scope has been extended to "all medium-sized and large entities active in the sectors covered by the NIS2 framework which would hence have to comply with the security rules put forward in the proposal".
  • Additionally, cybersecurity governance takes on a stronger role under NIS2 than it did under the NIS Directive, with approval and supervision duties imposed on top-level management.

What is the deadline for the NIS2 Directive?

As this is a directive and not a regulation, European member states must transpose the new act into national law by 18 October 2024.

 


What are the key provisions of the NIS2 Directive? 

 

The NIS2 Directive aims to adapt the framework to current needs and make it future-proof. It introduces several key provisions that aim to enhance organisations’ cybersecurity in the EU. These include:

 

  1. Expansion of Scope

One of the most significant changes introduced by the NIS2 Directive is the expansion of scope. The directive applies to a broader range of organisations than the previous iteration, including online marketplaces, search engines, and cloud computing services.

 

This expansion of scope aims to ensure that a more extensive range of organisations is held accountable for the security of their networks and information systems. 

 

  2. Cybersecurity Incident Reporting

Under the NIS2 Directive, organisations that provide essential services must report any significant cybersecurity incidents to the relevant national authority. This provision aims to improve the response time to cyber threats and ensure that member states have a comprehensive overview of cybersecurity incidents across the region.

 

It is worth noting that some member states already have mandatory reporting requirements in place, and the NIS2 Directive builds upon these requirements. 

 

  3. Strengthening of Security Requirements

The NIS2 Directive also strengthens the security requirements for organisations that provide essential services. These requirements include implementing appropriate technical and organisational measures to ensure the security of their networks and information systems.

 

They must also ensure effective incident response plans are in place to mitigate the impact of any cybersecurity incidents. 

 

  4. Certification Schemes

The NIS2 Directive introduces a framework for creating certification schemes for cybersecurity products and services. These schemes will help identify and select products and services that meet a high level of security requirements.

 

They will also promote the development of cybersecurity products and services that meet the needs of the EU market. 

 


 

What are the benefits of the NIS2 Directive?

 

The NIS2 Directive offers several benefits for organisations across the EU. These include: 

 

  1. Improved Cybersecurity

By expanding the scope of the directive and strengthening the security requirements for organisations, the NIS2 Directive aims to improve overall cybersecurity in Europe. This will help to mitigate the risk of cyberattacks and ensure that organisations are better prepared to respond to cyber threats. 

 

  2. Increased Cooperation

The NIS2 Directive promotes cooperation between member states and encourages sharing information about cybersecurity incidents. This increased cooperation will help member states to respond more effectively to cyber threats and improve overall resilience.

 

  3. Promotion of Innovation

The NIS2 Directive promotes the development of cybersecurity products and services that meet the needs of the EU market. This will help to stimulate innovation in the cybersecurity industry and create new opportunities for businesses in the region. 

 

What is next?

 

The NIS2 Directive is a significant step forward in improving cybersecurity across the EU.

It’ll help businesses across different industries be appropriately equipped and prepared for cyber-attacks and establish a culture of security.

 

According to the European Commission, the Directive will be transposed by the Member States by 17 October 2024 (21 months after the entry into force of NIS2). The Commission will then periodically review the functioning of the Directive and report on this to the Parliament and the Council for the first time by 17 October 2027.

 

 

How can DataGuard help?

At DataGuard, we help businesses enhance their security posture. Whether you’re looking for industry-specific advice, support to set up your information security management system or lower the chance of a costly breach, we help you get things done right. Get in touch with our experts today to find out more.
