The implementation of the NIS2 directive is expected by the end of 2023 at the earliest, and more likely during 2024. The European Parliament and the European Council provisionally approved the text of NIS2, but it now needs to be formally adopted. Member states will then have 21 months to transpose the directive into national law.
NIS2 (short for Network and Information Systems Directive) is a European Union regulation that was designed to improve the security of critical infrastructure and the digital services provided by companies operating in the EU. It applies to a wide range of sectors, including energy, transport, health, banking, financial services, and digital infrastructure. These sectors are likely to be the most impacted by the NIS2 regulation, as they are required to take steps to protect their networks and information systems from cyber threats. Additionally, companies operating in these sectors may need to implement measures to ensure the availability, integrity, and confidentiality of their systems and data.
In May 2022, the European Parliament and EU member states reached a political agreement on the NIS2 directive. Once formally approved by the European Parliament, NIS2 will be adopted and implementation will start in the EU member states. This is expected to be this year or, at the latest, in the first quarter of 2023. Member states will have 2 years after the directive enters into force to transpose it into national law.
Another key difference from NIS is the more stringent supervisory measures and enforcement requirements, including harmonized penalties across the EU. For example, a company director may soon be held accountable for demonstrable cybersecurity negligence, resulting in fines. The level of these fines will be similar to those imposed by the Personal Data Authority for violations within the GDPR/AVG.
The National Cyber Security Center (NCSC) provides some basic measures around cybersecurity to increase your cyber resilience: Install software updates as soon as they are offered; Make sure each application and system generates sufficient log information; Apply two-factor authentication (2FA) where appropriate; Determine who has access to data and services based on functions and roles, such as by setting up Role Based Access Control (RBAC); Segment networks so that the overall corporate network consists of different zones that cannot simply be taken down simultaneously; Control which devices and services are accessible from the Internet and protect them with a firewall, anti-malware and virus scanner; Encrypt storage media such as USB sticks, external hard drives and company phones containing sensitive company information; Back up systems regularly and test them as well.
The NIS2, or Network and Information Systems Directive, is a European Union (EU) directive that aims to improve cybersecurity across the EU. It was adopted in 2016 and became fully effective in May 2018. The directive requires member states of the EU to adopt measures to improve the security of network and information systems, and to establish national cybersecurity strategies. It also establishes a framework for cooperation between member states in responding to cybersecurity incidents. The directive applies to a wide range of digital services, including online marketplaces, search engines, and cloud computing services.
If your company does not comply with the NIS2 European Directive, you may face various consequences, depending on the specific circumstances and the country in which your company is located. Some possible consequences of non-compliance include fines, sanctions, and other penalties. In some cases, non-compliance with the directive may also result in reputational damage to your company, as well as potential legal liabilities. It is important to note that the specific implications of non-compliance with the NIS2 European Directive will vary depending on the specific requirements of the directive, as well as the laws and regulations of the country in which your company is located. It is important to consult with legal counsel to understand the specific implications of non-compliance for your company.
If your company does not comply with the NIS2 European Directive, the implications for the board of directors will depend on the specific circumstances and the laws and regulations of the country in which your company is located. In general, the board of directors is responsible for overseeing the management of the company, including its compliance with applicable laws and regulations. If the company fails to comply with the NIS2 European Directive, the board of directors may face various consequences, including potential legal liabilities and reputational damage. It is important to consult with legal counsel to understand the specific implications of non-compliance with the NIS2 European Directive for the board of directors of your company.
The number of cyber attacks has grown and evolved significantly in recent years, especially during the COVID-19 crisis and since the invasion of Ukraine. In 2021, police in the Netherlands recorded 14,000 cases of cybercrime, an increase of almost a third compared to one year earlier and a whopping three times more than in 2019. Cybercriminals are becoming more inventive and are also extending their attacks to macOS, Linux and other, new environments, a trend that continues unabated, not only in Europe but also in the rest of the world. The European Commission therefore presented a new EU cybersecurity strategy in December 2020. It also proposed new rules to make critical entities more physically and digitally resilient: the NIS2 directive.
For 15 years we have been active in cybersecurity and therefore know what it takes to be and become compliant. Recently, new legislation has become applicable within the EU region: the NIS2. We make sure you know where you stand.
With new legal regulation, it is a given that your business must be compliant. You can no longer delegate business without being responsible for proper execution.
Since the fine can be as much as 10% of annual sales, it is very wise to make sure your company avoids paying one.
A good digital infrastructure is vital to your business. Here, data sharing and trust in data are key to functioning in the 21st century.
Cyber resilience is an important prerequisite for continuing to function in the digital domain.
Our team consists of a group of cybersecurity professionals working in various industries such as critical infrastructure, chemical and process industries.