NIS2 - What you need to consider

February 28, 2023


Back in 2016, the EU established the NIS (Network and Information Security) cybersecurity directive. Because the directive was very abstract and was not implemented uniformly across the EU countries, and because the coronavirus pandemic further amplified cyberattacks, the European Commission decided to revise it. The revised version, NIS2, has been available since mid-January; it replaces NIS and defines new EU minimum standards for the cybersecurity of critical infrastructure. The obligations of the directive are to be implemented in national law by the end of 2024.

What's new about NIS2?

The revised NIS2 directive significantly expands the sectors that are classified as critical services. While NIS covered only eight, NIS2 expands this to 18 sectors, distinguishing between "essential" and "important" ones. Here is a comparison of the scope of NIS and NIS2:

Scope of NIS

  • Energy (electricity, oil, gas, heat)
  • Health (utilities, pharmaceuticals)
  • Transportation (air, rail, water, road)
  • Banks and financial markets
  • Water
  • Digital (Internet Exchange Point (IXP) providers, DNS service providers, TLD name registries, ICT service management)
  • Industry (technology and engineering)
  • Digital services (online marketplaces, online search engines, social networks)

Scope of NIS2: Essential

  • Energy (electricity, oil, gas, heat, hydrogen)
  • Health (utilities, laboratories, pharmaceuticals)
  • Transportation (air, rail, water, road)
  • Banking and financial markets
  • Water and wastewater
  • Digital (Internet Exchange Point (IXP) providers, DNS service providers, TLD name registries, data center service providers, cloud computing service providers, content delivery network providers, trust service providers)
  • ICT service management, space, public administration

Scope of NIS2: Important

  • Postal and courier
  • Waste management
  • Chemicals
  • Food
  • Industry (technology and engineering)
  • Digital services (online marketplaces, online search engines, social networks)
  • Research

NIS2 thus affects more companies, prescribes an improved risk management approach, and provides for more obligations and stricter sanctions. It now clearly sets out the procedures, content and deadlines for reporting security incidents, as well as transposition into national law and enforcement. Other new measures in the directive include:

  • the establishment of national computer emergency response teams
  • the creation of an incident response plan coordinated with member states' plans
  • improving cooperation between private and public entities
  • a security culture across sectors that are critical to the economy and society and rely heavily on ICT, such as energy, transport, water, banking, financial market infrastructures, healthcare and digital infrastructure.

The directive sets thresholds of at least 50 employees and 10 million euros in annual revenue. But beware: some companies, regardless of size, count as critical services affected by NIS2 if they are the sole provider of a service in a country that contributes significantly to the maintenance of critical activities of society or the economy.

Implementing NIS2 - act now

The federal government in Germany plans to transpose NIS2 into national law by October 2024. Those who are now newly covered by the directive should act quickly, because consulting, the selection of suitable technologies and their implementation take time. With proactive security solutions from Rohde & Schwarz Cybersecurity, you can meet the requirements of NIS2, choose the best possible protection for your sensitive data and increase your digital sovereignty.

We would be happy to advise and support you in implementing the NIS2 directive - feel free to contact us.
