Are we Ready for NIS2?

As cyber threats continue to escalate, the EU has introduced significant changes to the existing Network and Information Systems Directive (NIS). The revised version of the directive (NIS2) will come into effect in October 2024 and will profoundly impact numerous organizations and businesses across Europe.

The primary focus of these changes is to improve cybersecurity and protect essential services and infrastructure from cyber threats. As a result, EU member states must establish a national network and information security framework.

They are also required to designate essential service operators and digital service providers as “critical infrastructure”, subjecting them to stringent cybersecurity standards. The directive also requires incident reporting, and member states are expected to cooperate on cybersecurity issues.

We asked Georgi Tsekov, CEO of Daticum AD, for his expert opinion on the directive’s main changes. He presented his views in an article for the special edition of Capital Weekly that focused on cybersecurity.

“We live and do business in a constantly digitizing world. EU regulations require strong protection of consumer data and rights. With the new additions, we see a shift in focus – from network and information security to cyber security, extended with the launch of new risk management obligations.

“Businesses in critical sectors must assess risks and adopt measures to ensure cyber security. They have a duty to notify competent authorities of any incident. Examples are malicious activity or data theft, seriously threatening cybersecurity and the existence of a significant detrimental effect on the continuity of vital services and the supply of goods.”

What kind of businesses and industries will be affected by NIS2?

The directive affects companies with 50+ employees and an annual turnover of more than €10M. Still, smaller organisations can also be included if they are critical to a country’s functioning.

The Directive will apply to organisations operating in the following key sectors: energy, transport, banking, and financial markets. Its scope also comprises healthcare, digital infrastructure (including telecoms, DNS, cloud and trust services, as well as data centres), and digital services (including search engines, online marketplaces and social networks). More services and industries are added to the list, such as water operators, postal and courier services, food (including production, processing and distribution), waste management and chemicals, and manufacturing, such as medical, computer and transport equipment.

For companies operating in these sectors, preparing to implement the NIS Directive’s requirements is not just a necessity but a proactive step towards addressing vulnerabilities and mitigating the risk of data breaches and system disruptions.

The stakes are high, with less than a year remaining to comply with the stringent cybersecurity, risk management, and incident reporting requirements. Non-compliance could result in significant administrative fines and even criminal penalties, underscoring the urgency and importance of readiness.

How does Daticum help companies achieve NIS2 compliance?

Daticum is committed to ensuring the cybersecurity of our clients’ businesses in the long run. Our cloud platform and data centre are certified with ISO 27017 and 27018, which proves how much we value providing the highest level of cyber protection. The cloud services we offer at Daticum safeguard organizations’ operational activities and assist them in tackling new threats and challenges in cyber defence. This way, they can achieve compliance with the directive by processing and storing user data safely and securely.
