In November 2022, the European Union rolled out a shiny new version of its Network and Information Systems (NIS) Directive: the ‘NIS2 Directive’. This upgraded Directive is designed to supercharge cybersecurity across critical sectors throughout the EU. Wondering how the NIS2 Directive will impact your business? Here’s a closer look at what’s coming, when it’s landing and what you need to do to stay ahead.
So, what exactly is NIS2?
The NIS2 Directive is the next evolution of the original NIS Directive that launched in 2018. While the first version laid the groundwork for EU-wide digital security, its rollout was a bit bumpy and its results were fragmented. Meanwhile, cyberattacks have been spreading like wildfire and key industries – like energy, healthcare and banking – have become prime targets for cybercriminals. That’s why the EU decided to step things up a notch.
Enter the NIS2 Directive: a stricter, more unified directive that strengthens security requirements, sharpens reporting obligations and reinforces supervision with sanctions. The goal? Creating a safer, more resilient digital environment across all EU member states, helping businesses (yours included) stay secure in an increasingly connected world. Yup, NIS2 is a real game-changer!
When will the NIS2 Directive kick in?
Member states, including Belgium, should comply with the NIS2 Directive by the 18th of October 2024. That’s right, time is ticking – really fast! So you’d better take action if you have not yet done so. Non-compliance can lead to severe penalties, like reputational damage, withdrawal of certificates, mandatory discontinuation of your services and heavy fines (up to €10 million or 2% of global revenue!). It’s safe to say that staying compliant is well worth the effort. The NIS2 Directive is not messing around.
Does the NIS2 Directive apply to your company?
The NIS2 Directive applies to all organizations that have more than 50 employees or a turnover of more than €10 million and that play a crucial role in sustaining the European economy and society. This concerns organizations in any of the following categories:
Highly crucial sectors
- energy (electricity, heating and cooling, petroleum, natural gas, hydrogen)
- transport (air, rail, water, road, space)
- banking and financial market infrastructure
- health (hospitals, reference laboratories, manufacturing of medical devices or pharmaceuticals)
- drinking water and waste water management
- digital infrastructure and IT services
- public administration
Other crucial sectors
- postal and courier services
- waste management
- manufacturing, production and/or distribution of chemicals, food, computers, electronic products, optical products, electrical equipment, machinery, motor vehicles, (semi)trailers and other transport equipment
- digital providers
- research
What do companies need to do to comply with NIS2?
You’ve decided to take on your NIS2 obligations? That’s great! But how do you do that exactly? To stay on the right side of NIS2, organizations must ramp up their cybersecurity game. This means rolling out an efficient cybersecurity policy that includes operational, organizational and technical measures. Put the following items on your to-do list:
- Build a cybersecurity roadmap with business continuity measures.
- Conduct risk analyses and boost security awareness in your company.
- Set up incident management processes (you’ll want to be ready when things go south!).
- Report significant security incidents to the relevant authorities within 24 hours after the incident, send an interim report within 72 hours and a final one within a month.
- Share your knowledge on cybersecurity risks and solutions, not just with the government but also with other organizations. This will help develop a centralized European approach to track IT product and service risks.
Need a helping hand with NIS2 compliance?
Navigating the road to NIS2 compliance can be tricky, but you don’t have to do it alone. On the website of the Centre for Cybersecurity Belgium you will find more information and a handy list of frequently asked questions about the NIS2 Directive. On top of that, our Uptime Security experts are here to guide you every step of the way. We’ll tell you all about the NIS2 Directive, assess what needs to be done and help you develop tailor-made cybersecurity solutions that fully prepare you for the NIS2 era.