The European NIS-2 Directive has been in force since January 2023 and must now be transposed into national law. Find out here what this means for companies and for European cybersecurity.

What does NIS mean?

The term "NIS Directive" is the German abbreviation for "The Network and Information Security (NIS) Directive". The NIS-2 Directive is a continuation and extension of the original NIS Directive. NIS-2 came into force in January 2023 and must now be transposed into national law by the European member states by October 2024.

The directive deals with European cybersecurity, that is, the security of network and information systems in the EU.

The directive was created in response to growing cyber threats and the need for a stronger, more unified cybersecurity strategy in the EU. It extends the scope of the original NIS Directive to cover a wider range of sectors and digital services that are critical to public security and the economy.

What's new about NIS-2?

A key aspect of the NIS-2 Directive is its extended scope. It now covers additional sectors, including energy, transportation, banking, healthcare, digital infrastructure and public administration. The directive requires companies and organizations in these sectors to implement stricter security measures and conduct regular risk assessments. The requirements may vary depending on the sector. There are also stricter rules for reporting cybersecurity incidents, to enable a faster and more effective response. The role of national supervisory authorities will also be strengthened so that they can monitor and enforce compliance with the directive.

The underlying aim is to improve and harmonize the level of protection in the member states.

NIS-2 vs. KRITIS

KRITIS legislation, which continues to exist in parallel, has a similar objective.

However, the major difference between NIS-2 and the KRITIS legislation is the group of addressees: while the KRITIS legislation addresses larger institutions in particular, NIS-2 is aimed at a broad range of companies in Europe. Many of them may now have to deal with cybersecurity legislation for the first time and train employees accordingly.

What does NIS-2 mean for companies?

The NIS-2 Directive has significant implications for companies and organizations that fall under its scope. They will need to review and adapt their cybersecurity strategies, which includes implementing robust security measures, training employees in cybersecurity practices and establishing effective incident response plans.

Even if implementation may initially be an organizational hurdle for many companies, it is a decisive step towards a more secure digital future in the European Union. It ensures that both the public and private sectors are better equipped against cyber threats and helps to strengthen the digital single market. Although implementation poses challenges, it also offers opportunities for innovation and progress in the field of cybersecurity.

Do you need support in the area of cybersecurity or similar? Please contact us here for individual support services and training. Our team of experts will be happy to help you!
