NIS 2 DIRECTIVE
GAMECHANGER FOR CYBERSECURITY IN THE EU
The NIS 2 Directive, planned for implementation in 2024, establishes EU-wide frameworks introducing rigorous cybersecurity regulations for multiple sectors across EU member states. Adopting and implementing this directive early will enable companies to gain a competitive edge by enhancing reputation and increasing customer trust, ultimately contributing to growth and profitability.
When does the NIS 2 Directive come into effect?
NIS 2: THE MOST COMPREHENSIVE CYBERSECURITY DIRECTIVE IN EUROPE
The NIS 2 Directive is the most comprehensive set of cybersecurity regulations in Europe. It introduces stricter requirements for risk management and incident reporting, expands its scope to additional sectors, and imposes harsher penalties for non-compliance. As a result, many organizations in the EU will be required to reassess their approach to cybersecurity.
Essential Entities (EE) under the NIS 2 Directive
The NIS 2 Directive distinguishes between two key categories: Essential Entities (EE) and Important Entities (IE). The former are listed in Annex I, while the latter are listed in Annex II. Organizations must accurately determine which category they belong to and adjust their compliance with the directive accordingly.
Essential Entities covered by the NIS 2 Directive include, among others:
THE ENERGY SECTOR
For example, electricity generation, oil, and gas production.
HEALTHCARE SECTOR
For example, healthcare service providers (such as hospitals, clinics).
PUBLIC ADMINISTRATION
considering its critical role and significance in protecting against cyber threats.
BANKING AND FINANCE
Including companies offering payment services.
WATER SUPPLY
For example, water distribution and supply.
TRANSPORT
For example, air, rail, maritime, and road transportation.
SPACE SECTOR
The space sector is subject to particularly stringent cybersecurity requirements.
DIGITAL INFRASTRUCTURE
For example, DNS registries and TLDs.
IMPORTANT ENTITIES (IE) UNDER THE NIS 2 DIRECTIVE, WHICH ARE ALSO SUBJECT TO ADDITIONAL REQUIREMENTS
DIGITAL SERVICE PROVIDERS
representing diverse sectors offering digital products and services, such as search engines, online marketplaces, and social networks.
THE MANUFACTURING OF EQUIPMENT
This includes the production of medical devices, computers and electronics, machinery and equipment, motor vehicles, trailers and semi-trailers, as well as other transport equipment.
THE CHEMICAL INDUSTRY
which is a key factor in Europe's competitiveness, encompassing the production, manufacturing, and distribution of chemicals.
FMCG SECTOR
which encompasses the entire value chain, from agriculture and food processing to retail sales.
RESEARCH AND DEVELOPMENT SECTOR
which constitutes a significant driving force for innovation and progress, making it a target for cybercriminals.
WASTE MANAGEMENT SECTOR
which plays a crucial role in handling and disposing of waste materials, ensuring environmental protection and public health.
The NIS 2 Directive poses significant challenges for companies but also opens up new opportunities to enhance security and trust levels throughout the European Union. It also imposes penalties for non-compliance with the directive, which can amount to:
ESSENTIAL ENTITIES (EE)
At least €10 million or up to 2% of the total worldwide annual turnover of the essential entity in the previous financial year, whichever amount is higher.
IMPORTANT ENTITIES (IE)
At least €7 million or up to 1.4% of the total worldwide annual turnover of the important entity in the previous financial year, whichever amount is higher.
Get ready today - with SPIREE!
As part of our collaboration, we offer 5 simple steps to prepare your company for the implementation of NIS 2:
- Assess the current security state and identify risks.
- Establish an incident management system.
- Implement security measures.
- Create continuity of operations plans.
- Conduct training sessions.
Do you want to learn more? Contact us via the form below or give us a CALL.