NIS2 - What you need to consider

2月 28, 2023

NIS2 - What you need to consider

Back in 2016, the EU established the NIS (Network and Information Security) cybersecurity directive. Because the directive was very abstract, was not implemented uniformly in the EU countries and, in addition, the Corona pandemic acted as an additional amplifier of cyberattacks, the European Commission decided to revise the directive. Since mid-January, the revised version NIS2 is now available; it replaces NIS and defines new EU minimum standards for cybersecurity of critical infrastructure. The obligations of the directive are to be implemented in national law by the end of 2024.

What's new about NIS2?

The revised NIS2 directive significantly expands the sectors that are classified as critical services. While there were only eight in NIS, NIS2 expands the sectors to 18, distinguishing between essential ("essential") and important ("important"). Here is a comparison of the scope of NIS and NIS2:

Scope of NIS

  • Energy (electricity, oil, gas, heat)
  • Health (utilities, pharmaceuticals)
  • Transportation (air, rail, water, road)
  • Banks and financial markets
  • Water (water)
  • Digital (Internet Exchange Point (IXP) providers, DNS service providers, TLD name registries, ICT service management)
  • Industry (technology and engineering)
  • Digital services (online marketplaces, online search engines, social networks)

Scope of NIS2: Essential ("Essential")

  • Energy (electricity, oil, gas, heat, hydrogen)
  • Health (utilities, laboratories, pharmaceuticals)
  • Transportation (air, rail, water, road)
  • Banking and financial markets
  • Water and wastewater
  • Digital (Internet Exchange Point (IXP) providers, DNS service providers, TLD name registries, data center service providers, cloud computing service providers, content delivery network providers, trust service providers)
  • ICT service management, space, public administration

Scope of NIS2: Important ("Important")

  • Postal and courier
  • Waste management
  • Chemicals
  • food
  • Industry (technology and engineering)
  • Digital services (online marketplaces, online search engines, social networks)
  • Research

NIS2 thus affects more companies, prescribes an improved risk management approach, and provides for more obligations and stricter sanctions. It now clearly sets out the procedures, content and deadlines for reporting security incidents, as well as transposition into national law and enforcement. Other new measures in the directive include:

  • the establishment of national computer emergency response teams
  • the creation of an incident response plan coordinated with member states' plans
  • improving cooperation between private and public entities
  • a cross-sector security culture that is critical to the economy and society and relies heavily on ICTs such as energy, transport, water, banking, financial market infrastructures, healthcare and digital infrastructure.

The directive sets thresholds of at least 50 employees and 10 million euros in annual revenue. But beware: some companies, regardless of size, count as critical services affected by NIS2 if they are the sole provider of a service in a country that contributes significantly to the maintenance of critical activities of society or the economy.

Implementing NIS2 - act now

The federal government in Germany plans to convert NIS2 into national law by October 2024. Those who are now newly covered by the directive should act quickly. Because consulting, the selection of suitable technologies and their implementation take time. With proactive security solutions from Rohde & Schwarz Cybersecurity, you can meet the requirements of NIS2, choose the best possible protection for your sensitive data and increase your digital sovereignty.

We would be happy to advise and support you in implementing the NIS2 directive - feel free to contact us.

Contact Us




私は、Rohde & Schwarz GmbH & Co. KGおよび本ウェブサイトのインプリントに記載されているローデ・シュワルツの事業体または子会社から、電子メールまたは郵便でマーケティングまたは広告情報(特別キャンペーンや値引きに関する情報など)を受け取ることを希望します。個人データの使用と取り消し手順の詳細は、プライバシーステートメントおよびマーケティングパーミッション(事前許諾)に記載されています。

お問い合わせ内容が送信されました。 後ほどご連絡致します。
An error has occurred, please try again later.