NIS2 Directive
Who is affected?
The NIS2 Directive affects a large number of businesses, especially those in critical sectors such as:
- Energy
- Transportation
- Banking
- Healthcare
- Drinking water supply and distribution
- Digital infrastructure
- Public administration
- Providers of digital services such as online marketplaces, search engines and cloud computing services
What must be done?
Companies that fall under the NIS2 Directive must:
- Implement security measures: Increased requirements for technical and organizational measures to protect against cyber attacks.
- Reporting of incidents: Obligation to report significant security incidents to the competent national authorities within 24 hours.
- Risk management: Regular risk assessments and corresponding adjustments to security measures.
- Cooperation: Obligation to cooperate with other Member States and the competent authorities.
By complying with the NIS2 directive, companies should be better armed against cyber threats and general cyber security in the EU should be improved.