What is the NIS2 Directive and what are its objectives?

NIS2 is the second version of the Network and Information Security Directive.

It is a legislative act that aims to achieve a high common level of cybersecurity across the European Union. The aim is to improve the resilience and response to security incidents of the public and private sectors in the EU. NIS2 compliance involves more than simply adhering to rules; it includes securing your network and information systems to ensure business continuity and maintain trust with customers and partners.

Does NIS2 apply to my organisation?

NIS2 applies to “essential” entities in sectors such as energy, wastewater, transport, digital infrastructure, banking, management of B2B ICT services, financial market infrastructures, public administration, healthcare, space and drinking water. It also applies to “important” entities in sectors such as postal and courier services, processing/manufacturing, waste management, digital service providers, chemicals, research (optional) and food. It applies EU-wide from 17 October 2024 and must be transposed into national law. The corresponding law in Austria has not yet been passed. Nevertheless, the NIS2 requirements should be addressed step by step, because an adequate implementation takes sufficient time.

Measures, responsibilities and deadlines

The NIS2 Directive requires companies to implement comprehensive cybersecurity management covering technical, organisational and strategic aspects. Organisations must strengthen their digital resilience to meet regulatory requirements and effectively protect their critical services. Affected organisations must register within 3 months of the NISG 2024 coming into force. The directive requires compliance with risk management measures and reporting obligations. Management bodies (managing director in the case of limited liability companies, management board and supervisory board in the case of public companies) are responsible for compliance with and supervision of risk management measures.

What risk management measures must be taken?

  • Introduction of robust risk management
  • Management and reporting obligations for security incidents
  • Business continuity & crisis management measures
  • Supply chain security
  • Security measures for acquisition/development/maintenance of ICT
  • Concepts and procedures for evaluating the effectiveness of risk management measures
  • Cyber hygiene and cyber security training
  • Cryptography and encryption where applicable
  • Security of personnel, concepts for access control
  • Multi-factor authentication

How can we support you?

We will guide you through all the steps necessary to ensure full compliance with the NIS2 Directive, and explain the challenges and opportunities that NIS2 brings. Make sure you start your preparation in time! Contact our NIS2 experts now: sales@certainity.com or 0664 962 3932