The NIS2 Directive: Clarifying Legislation and Obligations.

The digitization of our society has brought new cybersecurity challenges. Companies and organizations worldwide are facing increasing cyber threats. The NIS2 Directive, also known as the Network and Information Systems 2 Directive, is a European Union directive. By Oct. 17, 2024, all member states must have transposed this directive into law. But what exactly does the NIS2 law mean for your business?

What does the NIS2 Directive mean?

The NIS2 Directive is a follow-up to the original NIS Directive and aims to increase the resilience of networks and information systems within the EU. This ensures that our vital systems are better protected from attacks, allowing society and the economy to continue to function normally. It emphasizes ensuring the integrity, availability, resilience and security of critical services and digital service providers. This includes sectors such as energy, healthcare, finance and digital infrastructure. It emphasizes the importance of proactive measures to resist cyber attacks and ensure continuity of services.

This directive sets standards for cybersecurity measures and incident response plans that organizations must implement. The goal is to reduce the impact of incidents and promote cooperation among member states in addressing cross-border cyber threats.

Who does the NIS2 law apply to?

The NIS2 Act applies to companies and organizations that provide critical services, as well as to digital service providers, within the EU. Healthcare institutions, among others, are recognized as essential pillars under the NIS2 Act because of the sensitivity of the data they manage and the crucial role they play in society. These institutions must comply with specific regulations and obligations to strengthen cybersecurity and ensure the privacy of patient data. Other key sectors include banking, government, energy, transportation, financial markets, water companies and aerospace.

By tightening cybersecurity measures, society and the economy can continue to function normally. Note that member states have the authority to further extend the NIS2 Act to other sectors to ensure national security. Want to know if the NIS2 Act will apply to your company or organization? Test it easily with this self-assessment tool from the National Digital Infrastructure Inspectorate.

What are the obligations under the new law?

The NIS2 Directive imposes several obligations on organizations to strengthen cybersecurity and ensure effective incident response. We have summarized the most important duties for you with concrete examples:

  • Duty of care cybersecurity policy: Organizations themselves must proactively implement cybersecurity measures to reduce risks. Appropriate technical and organizational measures must be taken to safeguard information and systems. This includes protecting medical data from unauthorized access, preventing data breaches and ensuring the integrity of sensitive information.
  • Incident reporting obligation: In the event of a serious cybersecurity incident, organizations are required to report it to the appropriate national authorities without undue delay, and in any case within 24 hours. In addition, a report must be submitted within one month of the incident. This contributes to a rapid and coordinated response to incidents at the national and European level. It is therefore important that companies and organizations create and implement robust incident response plans. These plans should include procedures for detecting, reporting and addressing cybersecurity incidents.
  • Registration requirement: Organizations covered by the NIS2 will be required to register. This can create an overview on a European scale of how many organizations are covered by NIS2. It is mandatory to cooperate with the competent national authorities and, if necessary, with other Member States involved. This will encourage cross-border cooperation in addressing cybersecurity threats.

It is essential to evaluate your cybersecurity measures and tighten them where necessary. You can already start with simple first steps, such as multi-factor authentication and limiting access to critical data. You also need, for example, a risk analysis of the threats to your business operations, with protective measures aligned to its findings. We understand how complex it is for your (healthcare) organization to properly prepare for the NIS2 law and how much impact it will have on your business operations. That's why we offer customized solutions and specialized guidance to help your business comply with the NIS2 Directive and protect your data from cyber-attacks.

Get in touch and improve your security!

Schedule a no-obligation consultation on NIS2 and your company's security right away. Also ask about our security presentations and join one! This way you will know where your company stands with respect to the NIS2 obligations. As a partner in Telecom & ICT, we are happy to help you with a personal, effective security path for your company.

Yes, I would like a no-obligation NIS2 interview at EDSAS