NIS2 FAQs
You Ask – We Answer
Our Experts answer your questions
Network and Information Security (NIS) Directive
From 17 October 2024, all European member states must integrate the updated Network and Information Security (NIS2) into their national legislation. Introduced by the European Parliament in November 2022, NIS2 is designed to ensure robust protection of the EU's assets and internal markets. As a result, a vast majority of organisations within the EU must adopt stricter cyber security standards.
Which organisations have NIS2 Requirements?
Your organisation is probably in the scope of NIS2 if at least one of these applies:
- Provides public services or services considered essential for social and economic activities
- Considered critical infrastructure in the EU
- More than 50 employees and/or more than €10 million annual turnover
- Sole provider of a particular service to the EU government
- A cyber incident could have an impact on public safety, regardless of the organisation’s size or annual turnover
*Manufacturing detail: Medical devices | Computer, electronic and optical products | Electrical equipment | Machinery | Motor vehicles and (semi-)trailers | Transport equipment
How Will NIS2 Impact Your Organisation?
The directive aims to raise the level of cyber security in EU member states through four initiatives:
- Stronger cyber security requirements overall
- Improved supply chain security
- Streamlined security and incident reporting
- Stricter government oversight and legal enforcement, including harmonised sanctions across the EU
Organisations in the scope of NIS2 must address these initiatives by meeting specific requirements. This will be an ongoing operation. As with financial and safety regulations, you will need to prove the organisation continuously stays in compliance.
Key NIS2 compliance measures:
Security Oversight and Training
Senior management and board members must oversee cyber security and risk management. They can be held personally responsible for non-compliance.
Management and employees should receive regular training to recognise risks and safely manage cyber security threats.
Risk, Incident and Crisis Management
Actively address security risk through comprehensive assessments and robust policies.
Establish processes to prevent, detect, report and respond to security incidents within required timelines. Ensure operations continue during security incidents.
Supply Chain Management
Secure Development and Data Protection
How Will NIS2 Compliance Be Enforced?
NIS2 carries strict penalties for organisations that do not follow the requirements, including:
- Fines of up to 10 million EUR or 2% of the annual turnover of the previous financial year
- Senior company management and board members can face fines and a temporary ban from performing management duties.
Where do you start?
We’ve developed action plans to help our partners streamline the implementation of new, robust security measures that align with NIS2. The first step is to discover whether your company falls within the scope of NIS2. We even have a free Self-Assessment you can use. If you are in scope, your next step is to find out how the organisation is already meeting NIS2 requirements and what you’ll need to do to become fully compliant. Then, start implementing your new security measures and ongoing processes to keep your organisation in compliance.
What can Northwave do for you?
At Northwave, we believe NIS2 compliance is the result of continuous attention to cyber security. The threats that critical infrastructure and digital services providers face already require good security management and measures to be taken in a holistic way (business, bytes, behaviour).
This is exactly how we’ve been helping our partners for the past 18 years. NIS2 is therefore nothing new. Although the directive may seem daunting, organisations really have nothing to fear. Ultimately, NIS2 can be a business enabler instead of a compliance burden. But the value can only be gained if organisations start acting right away and commit to a long-term vision for comprehensive cyber security.
It's time to safeguard your business assets and gain peace of mind. Contact us today to get started.