NIS2 Directive: Cybersecurity at a new level
The evolution of the NIS Directive: from NIS1 to NIS2. The NIS (Network and Information Security) Directive was the first European initiative to improve cybersecurity, adopted in 2016. It imposed essential requirements for critical service providers, but its implementation was uneven across Member States.
From this need to strengthen cybersecurity, NIS2 was born, a significant update that extends the scope and introduces stricter requirements for the prevention, detection and reporting of cyber incidents.
What's new in the NIS2 directive? Published on 27 December 2022, NIS2 must be transposed into national law by 18 October 2024, and the implementation of the directive will be verified by the Commission for the first time by 17 October 2027 and, in the future, every 36 months. It:
🔹It expands the list of affected sectors, including not only critical infrastructure (energy, transport, health), but also essential sectors such as telecommunications, digital services and public administration.
🔹It introduces new obligations for companies, including notification of cyber incidents within 24 hours, an initial assessment within 72 hours and a final report within one month.
🔹It provides for severe sanctions for non-compliance: up to 10 million euros or 2% of global turnover for essential entities and 7 million euros or 1.4% of turnover for important entities.
Who is covered by NIS2? The directive applies to essential entities (large companies with more than 250 employees and a turnover of more than EUR 50 million) and important entities (companies with more than 50 employees and a turnover of more than EUR 10 million).
These organizations must implement risk management measures and adopt strict reporting measures to prevent cyberattacks and reduce their impact.
Challenges for organizations facing NIS2. Companies must overcome several obstacles to ensure compliance:
🔹Lack of cybersecurity skills and expertise.
🔹Complexity of regulations, which requires a coordinated approach between IT, legal and management.
🔹Excessive security alerts, which can lead to critical signals being lost in the background noise of cyberattacks.
Aliant: your guide to NIS2 compliance.
Navigating the new requirements can be difficult, and Aliant provides strategic and technological support for companies so that they meet the requirements of NIS2. Among the proposed solutions are:
🔹Risk assessment and implementation of the necessary security measures according to NIS2.
🔹Incident management, with tools for rapid detection and response to attacks.
🔹Training and consulting, so that IT and compliance teams are prepared for the new obligations.
NIS2 represents an important step for cybersecurity in Europe. With stricter requirements and severe penalties, companies must act quickly to comply. Aliant is the trusted partner that guides organizations through this process, ensuring cyber security and resilience.
Is your company ready for NIS2? Do you need support? Aliant offers you the expertise and solutions necessary to ensure compliance and protect your business.
Source:
https://nis2directive.eu/nis2-requirements/
https://eur-lex.europa.eu/eli/dir/2022/2555
Share:
Comments