What does the NIS2 EU Directive entail?
NIS2 is a revised version of the EU’s requirements for network and information security, which imposes measures on selected sectors to manage cybersecurity risks. The new directive aims to make European companies better equipped to deal with future cybercrime.
In general, the new and amended security requirements include:
- Requirements for encryption, as well as risk assessment and mapping of internal processes and those of subcontractors.
- Requirements for reporting IT security incidents to supervisory authorities.
- Requirements for management’s awareness of the directive’s requirements and the company’s implemented risk management.
- Sanctions directly targeting top executives in companies that fail to meet these requirements.
Many companies will therefore need to invest both time and resources to meet the requirements. The recommendation is to get started as soon as possible, as the deadline for implementation is mid-October 2024.
Who is affected by the new changes?
Previously, the requirements only applied to critical sectors, such as health, transportation, finance, IT infrastructure, energy, and digital service providers.
With the new changes, other socially essential and important sectors and entities are also covered by the requirements, including:
- Public authorities
- Providers of electronic communication networks and digital services
- Water, wastewater, and waste sorting services
- Manufacturers of certain critical products (such as medicine, medical equipment, and chemicals)
- Postal and parcel services
- Food producers
However, micro and small companies that are not deemed critical are exempted.
How should your company respond in practical terms?
digitalworkspace365 can support your company systematically through our Quality Management System, which helps with NIS2 compliance in the following ways:
- Risk management of processes and suppliers
- Development and management of policies and instructions
- Management, planning, and execution of audits
- Reporting and handling of deviations
- Approval processes and change management
- Advisories, alarms, and notifications
- Automation of processes for reporting incidents to supervisory authorities within 24 hours (NIS2 requirement), as well as processes ensuring that you prepare a report within 30 days (NIS2 requirement), criteria for risk assessment, etc.
Michael Buades
Sales Director
