
Remain safe from possible cyber threats by becoming compliant with the NIS 2 regulation
The Network and Information Security Directive aims to improve the collective cybersecurity of Member States by protecting critical organizations and infrastructures from cyber threats.
Obligated entities must implement technical, operational, and organizational measures to manage the security risks of networks and information systems.
The NIS 2 directive establishes mandatory and sanctionable cybersecurity measures, and requires risk management and the reporting of incidents within 24 hours of detection.
To fulfil its objective, the directive focuses on organizations that operate in critical sectors, as they are essential for the proper functioning of society and, for this reason, are often the primary target of cyber-attacks. It will impact over 100,000 organizations.
Companies are in scope if they provide services or carry out activities in any country in the European Union, have more than 50 employees, obtain 10 million euros in annual revenue, and operate in any of the 18 sectors listed as critical.
By 2025, Member States will establish a list of essential and important entities, which is how NIS 2 defines companies and other organizations that must comply with it.
Essential critical sectors
- Energy
- Transport
- Banking
- Financial market infrastructures
- Health
- Drinking water
- Waste water
- Digital infrastructure
- ICT service management (business-to-business)
- Public administration
- Space
Other critical sectors
- Postal and courier services
- Waste management
- Manufacture, production and distribution of chemicals
- Production, processing and distribution of food
- Manufacturing
- Digital providers
- Research