The NIS2 Directive (Directive (EU) 2022/2555) is a regulation aimed at improving cybersecurity risk management and introducing reporting obligations for essential services and digital service providers across various sectors such as energy, transport, health and digital infrastructure.
The NIS2 Directive is the updated version of the Network and Information Security (NIS) Directive, the first EU-wide legislation on cybersecurity aimed at achieving a high standard level of cybersecurity across Member States. The NIS2 Directive broadens the scope of entities subject to cybersecurity obligations.
It includes deadlines for various tasks, such as creating a list of essential entities and submitting assessment reports. Member States must adopt and publish the necessary measures to comply with the Directive by October 17, 2024, and essential commodities must take appropriate and proportionate technical and organisational measures to manage risks posed by security breaches.
The directive mandates that essential entities implement appropriate technical, operational and organisational measures to manage the risks posed by security breaches.
Essential entities are those whose failure or disruption would significantly impact the provision of basic services, such as energy, transportation, banking, financial market infrastructures, health, drinking water supply, and digital infrastructure. These entities are considered critical to the functioning of the EU’s economy and society, and their failure or disruption could significantly impact the citizens’ well-being and the economy.
The consequences of failing to implement the NIS2 directive can be severe. The directive predicts fines for failing to implement its provisions, and non-compliance can result in financial penalties of up to €10 million or 2% of the total global annual turnover.
Fines are a common form of punishment for non-compliance with the directive. Essential and vital entities that fail to implement appropriate cybersecurity measures, report incidents to national authorities, and cooperate with other member states in the event of a cyberattack may face these penalties.
Contact us today to learn more about our services and how we can help you safeguard your business.