NIS2 stands for Network and Information Security. It is an extension of the EU directive NIS1 to strengthen cybersecurity in critical sectors in Europe.
NIS1 came into force in 2018. It required public authorities, operators of critical infrastructure (e.g. energy and transportation) and service providers (e.g. e-commerce platforms and social networks) to strengthen cybersecurity efforts. They were also required to report serious security incidents to the authorities.
However, it turns out that member states have interpreted and therefore implemented the rules behind NIS1 differently. As a result, the directive has not reduced the cyber threat to the EU to the extent necessary, and NIS2 will now remedy this.
NIS2 sets requirements for governance, risk management, business continuity and reporting to authorities, and the directive has been expanded to cover more sectors and therefore more companies.
Another important element is tighter management responsibility. Cybersecurity work must be anchored in management, and executive boards and boards of directors can face sanctions if they do not meet the requirements.
You are also welcome to contact us for a no-obligation meeting if you want to know more about cybersecurity and what the new requirements could mean for your business.