What is NIS2 and which organizations are covered by it?

Written by
Per Gustavsson
Reading time
1 min

Information security is an important aspect of today's increasingly digitalized society, not least for critical organizations. To strengthen the protection of critical services, the EU has introduced NIS2. In this blog post, we take a closer look at what NIS2 is and which organizations are covered by it.

What is NIS2?

NIS2 stands for 'Network and Information Systems Directive 2' and is an update of the previous NIS Directive. NIS2 aims to ensure a high level of information security across the EU by strengthening the protection of essential services in the face of increasing digitalization and cyber threats. The sectors covered by NIS2 include, among others, energy supply, financial services, healthcare and transport.

From 16 January 2023, EU member states have 21 months to integrate NIS2 into their national legislation. The new rules will apply from 18 October 2024, when the previous NIS Directive expires.

Which organizations are covered by NIS2?

NIS2 covers all organizations involved in essential services, whether public or private. This includes everything from large energy companies and banks to smaller hospitals and transport companies. To determine whether an organization is covered by NIS2, you need to assess its importance to the functioning of society.

What requirements does NIS2 place on organizations?

NIS2 imposes strict requirements on organizations covered by the Directive. Among other things, they must take appropriate technical and organizational measures to ensure a high level of information security. They must also report serious incidents to the authorities and cooperate with other organizations to deal with incidents that affect essential services.

NIS2 also imposes stricter enforcement measures, and companies that do not comply with its standards risk significant fines. Governing bodies can also be held personally liable for non-compliance.

The new requirements introduced by NIS2 include, among others:

  • Stricter requirements for suppliers and supply chain security;
  • Increased requirements for incident reporting;
  • Reinforced security measures to protect against cyber threats;
  • New requirements for conducting risk assessments.

NIS2 in summary:

  • NIS2 is an update of the previous NIS Directive and aims to strengthen the protection of essential services by ensuring information security across the EU.
  • All organizations involved in essential services, whether public or private, are covered by the Directive.
  • Organizations covered by NIS2 must take appropriate technical and organizational measures to ensure information security.
  • They must report serious incidents to the authorities and cooperate with other organizations to manage incidents affecting essential services.


How Stratsys helps you with NIS2 compliance

Managing a complex organization while keeping pace with increasing regulatory requirements is often a lonely and challenging task. With Stratsys, you get effective support to integrate and coordinate work across your organization. Discover how Stratsys can support you in meeting NIS2 requirements.