NIS2: New Cybersecurity Requirements for Companies and Institutions

The European NIS2 Directive entered into effect on October 18. NIS2 introduces stricter cybersecurity requirements that affect a broader range of sectors, and it enforces stringent risk mitigation measures as well as reporting obligations.

Which businesses and institutions are affected?

The NIS2 Directive expands its scope compared to the original NIS Directive. In addition to operators of highly critical infrastructures, such as the energy, health, and transport sectors, NIS2 now also includes a wide variety of other critical sectors, such as businesses in the fields of waste management and food production, manufacturers of specific products, digital providers and research organisations. Moreover, not only large enterprises but also smaller companies operating in these sectors may now be impacted by NIS2.

What is the impact of NIS2 on companies and institutions?

For affected businesses and institutions, NIS2 brings significant changes. They must implement comprehensive measures to secure their IT systems and digital data. This includes the implementation of security policies and the management of risks within their own organization as well as within their supply chains. Additionally, under NIS2, company management bodies themselves can be held responsible for infringements.

NIS2 presents businesses and institutions with substantial challenges regarding cybersecurity and risk management. To determine whether your company or institution is affected by the new regulations and to identify appropriate measures for securing IT systems and digital data in a compliant manner, feel free to contact TPO SOLUTIONS. With the help of our TPOmap software, you can specifically measure the compliance of your existing cybersecurity measures with the applicable security requirements of NIS2 and GDPR and identify any missing measures.
