More requirements, more companies
What is NIS2?
The NIS2 Directive (Network and Information Security Directive) is an extended EU directive. It was published on 27 December 2022 and came into force on 16 January 2023. The aim of the directive is to improve cybersecurity for companies and organisations across the EU. It replaces the original NIS Directive and expands its scope and requirements.
The aim is to ensure a standardised security level for network and information systems in the European Union and to establish a standardised register for security notifications. To this end, NIS2, together with the resulting German law, obliges companies and public institutions to implement stricter security measures, systematic risk management and better cooperation with authorities. The directive aims to increase resilience to cyberattacks and ensure that the EU can respond effectively to digital threats by tracking trends and developments.
As an EU directive, NIS2 still has to be transposed into national law by the EU member states. In Germany, this is regulated by the ‘Act on the Implementation of EU NIS2 and Strengthening of Cybersecurity’ (NIS2UmsuCG), which was originally due to come into force on 17 October 2024. As things currently stand, the law will not actually be passed until the beginning of 2025.
The NIS2 Directive is often seen as a superfluous bureaucratic instrument. However, the implementation of NIS2 will bring numerous benefits.
The benefits of NIS2
Reduced costs due to increased availability
One of the biggest advantages of the NIS2 directive is the improvement in cyber security for companies. The implementation of stricter requirements for IT and information security increases resistance to cyber attacks. The regular risk assessments provided for by NIS2 also enable companies to recognise and eliminate existing vulnerabilities more quickly and effectively. This leads to a more robust security infrastructure overall.
Companies therefore benefit from reduced susceptibility to security breaches. On the one hand, this ensures the long-term stability and security of business operations. On the other hand, increased resistance to attacks also means lower costs, both for eliminating the consequences of a security incident and from production downtime. Many companies will have to make initial investments in security. In the long term, however, these investments will pay off in the form of higher availability.
Scope and requirements will be expanded
What does NIS2 mean for companies?
The NIS2 Directive affects a larger number of economic sectors than previous regulations. So far, only certain sectors such as energy, transport and banking have been affected. NIS2 will also cover, for example, telecoms providers, postal services and food production and will extend to institutions and companies from 18 sectors. This means that the new rules will apply to around 30,000 to 40,000 companies in Germany that were not previously affected.
Another new feature of NIS2 is the significantly stricter requirements for IT and information security. NIS1 required companies to take basic security measures and report serious security incidents. NIS2 requires a regular risk assessment and much stricter measures. In addition, organisations and companies are required to report significant incidents within 24 hours. Detailed information on security-critical incidents must subsequently be submitted to the authorities.
The directive also requires the training of employees on cyber security issues (‘awareness’) and the implementation of emergency plans. Companies must ensure that their IT infrastructures are continuously monitored and updated.
A positive side effect will be closer cooperation and the exchange of information between national and European authorities. This combined knowledge will allow threats to be recognised and combated at an early stage.
@-yet gets you ready for NIS2
Advice and assistance with the implementation of NIS2
The implementation of the NIS2 directive will entail a wealth of new and complex tasks for companies. This requires not only in-depth expertise, but above all human resources.
@-yet is at your side to provide you with comprehensive support in implementing the NIS2 directive. Our experienced security experts will ensure that you can fulfil all requirements.
Get advice from our security experts
Non-binding, free of charge, comprehensive. Make an appointment now!
The security and data protection experts at @-yet are available to provide you with a comprehensive initial consultation.
Phone: +49 2175 16 55 0
Email: info@at-yet.de
We look forward to hearing from you!