What are the NIS 2 requirements?

Everything about NIS 2 Directive

New Organizational Requirements

To enhance Europe’s resilience against current and future cyber threats, the NIS 2 Directive establishes new requirements and obligations for organizations in four key areas: risk management, corporate accountability, reporting obligations, and business continuity. These measures are designed to strengthen the security of network and information systems, ensuring organizations can effectively manage risks and maintain operations during and after cybersecurity incidents.

To comply with the new Directive, organizations must implement measures to minimize cyber risks. These measures include improving incident management, strengthening supply chain security, enhancing network security, improving access control, and utilizing encryption.

NIS 2 mandates that corporate management must oversee, approve, and receive training on the entity’s cybersecurity measures to address cyber risks. In case of breaches, management may face penalties, including liability and a possible temporary ban from holding management positions.

Essential and important entities are required to establish processes for promptly reporting security incidents that significantly impact their service provision or recipients. NIS 2 specifies notification deadlines, including a 24-hour "early warning" notification.

Organizations must develop a plan to ensure business continuity in the event of major cyber incidents. This plan should address system recovery, emergency procedures, and the establishment of a crisis response team.


The bare minimum of NIS 2 measures

10 Minimum Measures

In addition to the four key areas of requirement, NIS 2 mandates that essential and important entities implement baseline security measures to address specific types of likely cyber threats.
These measures include:

October 2024
NIS 2 goes live



Steps To Prepare For Compliance

As the deadline for transposing the NIS 2 Directive into national law approaches on October 17, 2024, organizations subject to its provisions must undertake preparatory measures for compliance.

These steps involve:

  1. Identifying whether they fall within NIS 2’s scope and assessing which units are affected.
  2. Assessing existing security measures, adjusting security policies, and devising plans to ensure compliance with NIS 2.
  3. Integrating new security protocols and incident reporting requirements into the supply chain, initiating early action to mitigate potential delays.