What is NIS 2

Everything about NIS 2 Directive

What is NIS 2 Directive?

Introduced in 2020 and coming into effect on January 16, 2023, the NIS 2 Directive continues and expands upon the previous EU cybersecurity directive, NIS. Proposed by the European Commission, it aims to address and improve upon the shortcomings of the original NIS directive.

NIS 2 enhances the security of network and information systems within the EU by mandating that operators of critical infrastructure and essential services implement appropriate security measures and report incidents to the relevant authorities.

Compared to NIS, NIS 2 broadens its EU-wide security requirements and the range of covered organizations and sectors. It aims to improve the security of supply chains, simplify reporting obligations, and enforce stricter measures and sanctions throughout Europe.

Energy

Covers the crucial energy sectors of electricity, oil, and gas, underscoring their importance in everyday functions and the need for cybersecurity.

Transport

Focuses on the major modes of transport: air, rail, sea, and road, highlighting their role in connecting people and places.

Healthcare

Prioritizes the protection of healthcare settings, encompassing both public hospitals and private clinics, given their role in public welfare.

Public Administration

Emphasizes the protection of public services, reflecting the directive's commitment to ensure uninterrupted and secure administrative functions.

Banking & Financial Market Infrastructure

Addresses the backbone of our financial system, spotlighting areas like payment services that facilitate economic activities.

Digital Infrastructures

Targets foundational digital services, such as those providing DNS and TLD registries, acknowledging their role in the digital ecosystem.

Water Supply

Focuses on the preservation and security of both drinking water and wastewater systems, which are vital for public health.

Space

Illuminates the strategic significance of the space sector, ensuring it meets high cybersecurity standards given its impact on various technologies and services.

Public telecom & ISP providers

Those offering publicly available communication networks and services, such as telecom companies and internet service providers.


Trust service providers

Entities that offer digital trust services, ensuring the authenticity of electronic transactions and communications.


Sole providers of a critical service

Unique entities that are the only sources of specific, vital services critical to daily operations or infrastructure.


TLD registries & DNS providers

Organizations managing top-level domain listings and the systems directing internet traffic to the correct addresses.


Domain name registrars

Businesses that oversee the reservation of internet domain names, ensuring each is unique and correctly assigned.


Entities crucial for safety, security, or health

Vital organizations whose disruption could jeopardize public safety, security measures, or health outcomes.


Central or regional public administration entities

Main governmental bodies at central or regional levels, playing a pivotal role in public governance and administration.


All other entities if:

The entity is the sole provider in a Member State of a service which is essential for the maintenance of critical societal or economic activities;
Disruption of the service provided by the entity could have a significant impact on public safety, public security or public health;
Disruption of the service provided by the entity could induce a significant systemic risk, in particular for sectors where such disruption could have a cross-border impact;
The entity is critical because of its specific importance at national or regional level for the particular sector or type of service, or for other interdependent sectors in the Member State;

If a Member State has defined that entity as a "critical entity" according to the Critical Entities Resilience (CER) Directive (EU) 2022/2557

Digital Providers

Encompassing a broad array of digital services such as search engines, online marketplaces, and social networks, this sector is pivotal in today's interconnected world.

Food

Covering the full spectrum from farm to fork, this sector ensures that every stage, from farming and processing to retail, is secure and robust.

Postal & Courier Services

As the lifeline for communications and goods delivery, this sector must uphold a fortified digital defense, ensuring consistent and safe operations.

Research organizations

As a hub of innovation and progress, this sector is pivotal, driving forward scientific breakthroughs while being a potential target for cyber threats.

Chemicals

This sector, vital for Europe's industrial competitiveness, spans from the creation to the distribution of chemicals, serving as a bedrock for innovative solutions.

Manufacturing

A broad field that includes the making of items like medical devices, electronics, machinery, vehicles, and transport equipment, it's at the heart of Europe's production capabilities.

More Affected Sectors

NIS 2 expands the number of covered sectors from 7 to a total of 15 to protect more vital areas of society.

Stricter Requirements

Compared to NIS 1, NIS 2 dramatically increases the requirements for enforcing cybersecurity.

Worse Repercussions

In addition to heavy fines, NIS 2 non-compliance can also lead to legal ramifications for management teams.