Why Is NIS2 Coming?
Understand why the original NIS Directive was revised into its successor NIS2.
NIS: EU’s First Cybersecurity Law
The Network and Information Systems Directive (NIS) was introduced in 2016 as the first European legislation on cybersecurity. Its primary objective was to increase the cyber resilience of EU Member States by identifying essential service operators in the Union and enforcing cybersecurity measures, with incident reporting being a central requirement.
Why NIS was revised
However, not long after its establishment, it became clear that the implementation of the Directive varied greatly between Member States. This inconsistent implementation led to a fragmented system where some companies and organizations were considered essential in some countries, but not in others.
To rectify this, the European Commission decided to revise the NIS Directive to clearly define the organizations covered and their specific requirements, a plan that came to fruition in 2021 in the form of the Network and Information Security Directive (NIS2).
NIS2: A Better Version of NIS
The NIS2 Directive expands the scope of the original NIS Directive to include a wider range of organizations, increasing the number of “entities” covered by a factor of 10. Where NIS only covered sectors such as water supply, energy, digital infrastructure, banking, financial market infrastructure, health, and transport, NIS2 widens its range of affected sectors to include public administration, digital providers, space, research, postal services, waste management, foods, manufacturing and chemical products.
In addition, NIS2 strengthens requirements for cybersecurity enforcement, including early mandatory incident reporting, widened risk management and a newly defined designation of C-level cybersecurity responsibility.
Time is running out to comply with NIS2 regulations. Starting your compliance journey sooner rather than later is crucial.
A typical NIS2 compliance process, including security assessments, auditing, consulting, and tool implementation, takes approximately 12 months.
For practical advice on how to comply with the requirements, check out our NIS2 white paper.