NIS2
The new EU cybersecurity legislation
Is your organisation active in one of the industries classed as crucial for Dutch society? If so, you must comply with the new NIS2 Directive, which is the new European Union cybersecurity legislation designed to better protect organisations from cyberattacks. Here, we summarise the most important facts and keep an eye out for the latest NIS2 news to make sure you’re always up-to-date.
NIS2 – Important points at a glance.
We’ll keep you up-to-date on all things NIS2 right here. Looking for a practical overview for future reference or to share with your colleagues? Our free infographic gives you exactly that. Simply save the file so you always have the most important points to hand.
Not sure if your organisation is impacted by the NIS 2 Directive?
Many businesses and organisations aren’t sure if NIS 2 applies to them or not. Check now to see if you’re affected.
What is NIS 2?
NIS stands for Network and Information Security and the directive focuses on critical companies such as those in the water and telecommunications industries. The European Union recently concluded that the 2016 Directive for the security of networks and information systems no longer cut the mustard and has therefore been working on the new and updated NIS 2, which goes a step further by boosting security requirements across Europe to cover a greater number of industries.
The deadline for implementation is 17 October 2024, but as you’ve probably already heard, the Dutch government have announced they won’t be able to meet that. It’s a complex issue and policy makers need more time to get their heads around it, making it unclear when the directive will come into effect in the Netherlands. In the other EU member states, however, the regulations will be rolled out on schedule, meaning it is important for businesses with international customers to be prepared for that October deadline.
What are the directive’s provisions?
1. Every organisation affected by the NIS2 Directive is obliged to comply with some essential minimum requirements including those related to crisis management in the event of a considerable cyber incident and the use of cryptography and encryption.
2. These companies also have a very strict obligation to report incidents within 24 hours of becoming aware an incident has taken place and to follow that up within a month with a comprehensive report.
Which sectors are affected?
Previously, it only applied to healthcare, transportation, banking and financial market infrastructure, water, energy, and digital infrastructure providers, but the new NIS 2 Directive has expanded its scope to cover organisations that are critical to society, such as:
- Telecommunications and energy providers
- Railway operators
- Waste and water management companies
- Financial services
- Post and courier services
- Manufacturers of medical devices
- Public administration.
Step-by-step to greater cyber resilience. Gain an insight into your security level and set priorities with ease.
Many businesses are either completely unaware of their cybersecurity status or they have so many measures in place that don’t align with each other that they can’t see the wood for the trees. With our free, no-strings-attached NIS 2 scan, we can provide an overview of where you stand in terms of your people, your organisation and your technology.
Joris Rooijackers
Solution Consultant Security
Phone: +31 631 149517
joris.rooijackers@bechtle.com