NIS2 - Not In Scope
You are likely not In Scope of the NIS2 Directive
Not every organisation is in scope of the NIS2 Directive. The scope includes companies and organisations that provide services that are deemed essential and/or important to social and economic activities. In addition, NIS2 is intended for medium or large organisations (more than 50 employees and/or more than €10 million annual turnover and/or an annual balance sheet of €43 million). Furthermore, NIS2 applies to organisations that are considered critical infrastructure or are the sole provider of a particular service to the EU government.
However, the NIS2 applies to organisations, regardless of their size or annual turnover, whenever an organisation provides public services or when an incident at this organisation could have an impact on public safety. Therefore, a member state could mark organisations that do not meet the requirements to be in scope, as important or essential, resulting in these organisations needing to comply to the NIS2 Directive.
Additionally, even if your organisation is not directly in scope of NIS2, your clients, partners or other stakeholders could still require you to be NIS2 compliant. Since the scope of NIS2 is quite broad, many organisations are directly in scope. Therefore, it is expected that NIS2 compliancy will be a widely used requirement for organisations when implementing supplier management.
What's Next
The Member States of the European Union must translate the directive into their own national legislation. The Member States have until October 17th, 2024 to transpose the directive into national legislation. You can prepare your organisation for compliancy to NIS2 by assessing which requirements from the published NIS2 Directive you already meet and which requirements you have yet to implement. Just note that the NIS2 requirements of your national government can deviate from the NIS2 Directive as it is published by the EU.
your independent security crew
What we can do for you
We understand the importance of ensuring the security and protection of your organisation's systems and data, and we want to help you prepare for NIS2 compliance.
If you have any questions about the NIS2 scoping of your organisation, we can support you in your specific question regarding NIS2 scoping. If you are in scope or want to be compliant to the NIS2 for any other reason, we can assess the extent to which your organisation is NIS2 compliant and identify compliancy gaps.
Therefore, we offer a comprehensive NIS2 gap assessment which provides a thorough insight into the current state of information security with regards to the current NIS2 requirements. As a result of this gap assessment, we will deliver a concrete roadmap, tailored to your organisation, of measures to comply with the NIS2 Directive and to reduce possible and critical risks.
We are sure you already meet many of the requirements, but let's jointly make sure you are truly prepared, and your business is protected in the best possible way!
