When is the NIS2 Directive expected to come into force?

The implementation of the NIS2 directive is expected by the end of 2023 at the earliest, and more likely during 2024. The European Parliament and the European Council provisionally approved the text of NIS2, but it now needs to be formally adopted. Member states will then have 21 months to transpose the directive into national law.

NIS2: strengthening YOUR CYBER RESILIENCE

 

 

NIS2 (short for Network and Information Systems Directive) is a European Union regulation that was designed to improve the security of critical infrastructure and the digital services provided by companies operating in the EU. It applies to a wide range of sectors, including energy, transport, health, banking, financial services, and digital infrastructure. These sectors are likely to be the most impacted by the NIS2 regulation, as they are required to take steps to protect their networks and information systems from cyber threats. Additionally, companies operating in these sectors may need to implement measures to ensure the availability, integrity, and confidentiality of their systems and data.

When will the NIS2 take effect?

In May 2022, the European Parliament and EU member states reached a political agreement on the NIS2 directive. Once formally approved by the European Parliament, NIS2 will be adopted and implementation will start in the EU member states. This is expected to be this year or, at the latest, in the first quarter of 2023. Member states will have 2 years after the directive enters into force to transpose it into national law.

DIRECTOR Accountability

Another key difference from NIS is the more stringent supervisory measures and enforcement requirements, including harmonized penalties across the EU. For example, a company director may soon be held accountable for demonstrable cybersecurity negligence, resulting in fines. The level of these fines will be similar to those imposed by the Personal Data Authority for violations of the GDPR/AVG.

What can you do to become compliant in advance?

The National Cyber Security Center (NCSC) provides some basic measures around cybersecurity to increase your cyber resilience: Install software updates as soon as they are offered; Make sure each application and system generates sufficient log information; Apply two-factor authentication (2FA) where appropriate; Determine who has access to data and services based on functions and roles, such as by setting up Role Based Access Control (RBAC); Segment networks so that the overall corporate network consists of different zones that cannot simply be taken down simultaneously; Control which devices and services are accessible from the Internet and protect them with a firewall, anti-malware and virus scanner; Encrypt storage media such as USB sticks, external hard drives and company phones containing sensitive company information; Back up systems regularly and test them as well.

NIS2 In simple terms

The NIS2, or Network and Information Systems Directive, is a European Union (EU) directive that aims to improve cybersecurity across the EU. It was adopted in 2016 and became fully effective in May 2018. The directive requires member states of the EU to adopt measures to improve the security of network and information systems, and to establish national cybersecurity strategies. It also establishes a framework for cooperation between member states in responding to cybersecurity incidents. The directive applies to a wide range of digital services, including online marketplaces, search engines, and cloud computing services.

Implications of NON Compliance

If your company does not comply with the NIS2 European Directive, you may face various consequences, depending on the specific circumstances and the country in which your company is located. Some possible consequences of non-compliance include fines, sanctions, and other penalties. In some cases, non-compliance with the directive may also result in reputational damage to your company, as well as potential legal liabilities. It is important to note that the specific implications of non-compliance with the NIS2 European Directive will vary depending on the specific requirements of the directive, as well as the laws and regulations of the country in which your company is located. It is important to consult with legal counsel to understand the specific implications of non-compliance for your company.

If your company does not comply with the NIS2 European Directive, the implications for the board of directors will depend on the specific circumstances and the laws and regulations of the country in which your company is located. In general, the board of directors is responsible for overseeing the management of the company, including its compliance with applicable laws and regulations. If the company fails to comply with the NIS2 European Directive, the board of directors may face various consequences, including potential legal liabilities and reputational damage. It is important to consult with legal counsel to understand the specific implications of non-compliance with the NIS2 European Directive for the board of directors of your company.

The need for NIS2

The number of cyber attacks has grown and evolved significantly in recent years, especially during the COVID-19 crisis and since the invasion of Ukraine. In 2021, police in the Netherlands recorded 14,000 cases of cybercrime, an increase of almost a third compared to one year earlier and a whopping three times more than in 2019! Cybercriminals are becoming more inventive and are also extending their attacks to macOS, Linux and other, new environments. This trend continues unabated, not only in Europe but also in the rest of the world. The European Commission therefore presented a new EU cybersecurity strategy in December 2020. It also proposed new rules to make critical entities more physically and digitally resilient: the NIS2 directive.

Understand the implications of NIS2 for your company

For 15 years we have been active in cybersecurity and therefore know what it takes to be and become compliant. Recently, new legislation has become applicable within the EU region: NIS2. We make sure you know where you stand.

Avoid liability as a director

With new legal regulation, it is a given that your business must be compliant. You can no longer delegate business without being responsible for proper execution.

Avoid fines

Since the fine can be as much as 10% of annual sales, it is very wise for your company to avoid one.

Building digital trust

A good digital infrastructure is vital to your business. Here, data sharing and trust in data are key to functioning in the 21st century.

Building cyber resilience

Cyber resilience is an important prerequisite for continuing to function in the digital domain.

Our team is happy to help guide you through the implications of the NIS2 regulation for your business.

Our team consists of a group of cybersecurity professionals working in various industries such as critical infrastructure, chemical and process industries.

Get no-obligation information on the implications of NIS2 for your business

Reach out to us today and get a complimentary business review and consultation.