NIS2 Requirements
Understand and prepare for the upcoming NIS2 requirements.
New Organizational Requirements
To bolster Europe’s resilience against current and future cyberthreats, the NIS2 Directive introduces new requirements and obligations for organizations in four overarching areas: risk management, corporate accountability, reporting obligations, and business continuity.
Risk Management
To comply with the new Directive, organizations must take measures to minimize cyber risks. These measures include incident management, stronger supply chain security, enhanced network security, better access control, and encryption.
Corporate Accountability
NIS2 requires corporate management to oversee, approve, and be trained on the entity’s cybersecurity measures and to address cyber risks. Breaches may result in penalties for management, including liability and a potential temporary ban from management roles.
Reporting Obligations
Essential and important entities must have processes in place for prompt reporting of security incidents with significant impact on their service provision or recipients. NIS2 sets specific notification deadlines, such as a 24-hour “early warning”.
Business Continuity
Organizations must plan for how they intend to ensure business continuity in the case of major cyber incidents. This plan should include considerations about system recovery, emergency procedures, and setting up a crisis response team.
10 Minimum Measures
In addition to the four overarching areas of requirement, NIS2 mandates that essential and important entities implement baseline security measures to address specific forms of likely cyberthreats. These include:
Steps To Prepare For Compliance
With the NIS2 Directive set to be transposed into national law by October 17, 2024, applicable organizations must take steps to prepare for compliance. These include:
- Determine if they fall under NIS2’s scope and which units are impacted
- Evaluate security measures, amend security policies and plan for NIS2 compliance
- Incorporate new security measures and incident reporting obligations into the supply chain. Start early to avoid delays.
Get NIS2 Compliant (Whitepaper):
Time is running out to comply with NIS2 regulations. Starting your compliance journey sooner rather than later is crucial.
A typical NIS2 compliance process, including security assessments, auditing, consulting, and tool implementation, takes approximately 12 months.
For practical advice on how to comply with the requirements, check out our NIS2 white paper.