What is the NIS2 Directive About?

The NIS2 (Network and Information Systems) Directive, effective since January 16, 2023, marks a significant shift in the European Union’s approach to cybersecurity. Expanding the scope to include more sectors and companies, it aims to bolster the resilience of critical infrastructures against cyber threats. With its implementation deadline set for October 17, 2024, businesses need to be proactive in understanding and complying with its requirements.

Key Changes and their Impact: What's New in NIS2?

Icon1

Expanded Scope

Encompassing 18 sectors, including 7 new Important Entities, NIS2 widens its net to ensure more companies are prepared for cyber threats.
Icon1

Mandatory Cyber Risk Management

Companies must now rigorously assess and manage cyber risks, including those in the supply chain.
Icon1

Stringent Reporting

NIS2 enforces strict reporting obligations, ensuring timely and transparent communication with relevant authorities.

Industries affected by the NIS2 Directive

Essential Entities

Important Entities

Energy (Electricity, Oil, Water, Hydrogen)

Post and Courier Services

Healthcare (Hospitals, Laboratories, R&D, Pharmaceuticals, Medical Device Manufacturers)

Waste Management

Transport (Air, Rail, Water, Road)

Chemical Products

Banking & Finance

Drinking Water

Manufacturing/Manufacturing Industry

Sewage

Digital Services (Online Marketplaces, Search Engines, Social Networks)

Digital Infrastructures (IXPs, Cloud Providers, Data Centers, CDNs, TSPs, Electronic Communications)

Research

ICT Service Management in B2B

Space Travel

Public Administration (Central Government, Regional Government)

Responsibilities Under NIS2

  • For CEOs and Managing Directors: Under NIS2, you are directly accountable for your company’s cyber risk management. This includes approving, monitoring, and ensuring the effective implementation of cybersecurity measures. ForeNova’s suite of services can guide you in developing and maintaining a robust cyber defense strategy.
  • For CISOs and IT Security Managers: The directive tasks you with the tactical implementation of cybersecurity practices. From incident response to access control, ForeNova’s NovaMDR and NovaCommand solutions align with your operational needs, ensuring comprehensive security management.

NIS2 Non-compliance Penalties

The requirements of the NIS2 are legally binding on the entities that fall under its purview. Member States have the discretion to penalize non-compliant entities with dissuasive penalties as well as administrative fines. In general, essential entities that fail to comply with its directives may be fined up to €10 million or 2% of their total turnover worldwide – whichever is higher. Important entities that fail to comply with the NIS2 may be fined up to €7 million or 1.7% of global turnover. In addition, non-compliant companies may be forced to suspend their business activities until they meet the NIS2 requirements and achieve 100% compliance.

NIS2-hp-bannerv2
nis2-compliance

Leveraging MDR for NIS2 Compliance

Icon

24/7 Monitoring: MDR provides constant vigilance, ensuring cyber threats are detected and addressed promptly. This is crucial for essential entities that cannot afford downtime.

Icon

Skilled Incident Response: MDR offers expert assistance to help you respond to and remediate cyber threats, reducing the risk of damage to your systems and ensuring compliance with NIS2.

Icon

Broad Coverage: MDR protects all digital assets, from servers to IoT devices, helping you comply with NIS2’s extensive protection requirements.

Icon

Compliance Reporting: MDR generates comprehensive reports on cybersecurity measures, demonstrating your adherence to NIS2 requirements.

Bottom Shape Accordion

Webinar: Prepare for compliance with the NIS2 Directive

NIS2 Directive Frequently Asked Questions

1. How will the new NIS2 rules be supervised and enforced?

The NIS2 Directive emphasizes the responsibilities of competent authorities for supervision and enforcement. Key measures include regular and targeted audits, on-site and off-site checks, requests for information, and access to documents or evidence.

NIS2 interacts with the CER Directive and the DORA, focusing on the physical and cyber resilience of critical entities. National competent authorities under both directives must cooperate and exchange information on risks and incidents. The NIS2 Cooperation Group will regularly meet with the Critical Entities Resilience Group, and the DORA addresses cybersecurity risk management and reporting obligations in the financial sector

NIS2 aims to improve cyber risk management through clear responsibilities, appropriate planning, and increased EU cooperation. It requires Member States to appoint national authorities for cyber crisis management, introduces large-scale cybersecurity incident and crisis response plans, and establishes the EU-CYCLONe network for managing large-scale cybersecurity incidents and crises​

NIS2 mandates that all companies address a core set of cybersecurity risk management policies, including incident handling, supply chain security, vulnerability handling, and the use of cryptography. It introduces a multi-stage approach to incident reporting, requiring companies to submit an early warning within 24 hours, an incident notification within 72 hours, and a final report within one month

Tap into expert insights & best practices

ForeNova’s experts share valuable insights, best practices, customer challenges and industry trends. Learn from security practitioners and thought leaders on how to best protect your business from new and persistent cyber threats.

accent secondary forenova

Detect and protect.

ForeNova represents a new way for companies to put an end to relentless, and often undetected, cyber threats coming from every direction.​ With ForeNova’s unified command center, businesses can detect threats that are already inside their network, and previously unknown.