Kiteworks provides a range of features to enforce compliance with the NIS 2 Directive and the core cybersecurity requirements for operators of essential services and digital service providers. These features enable organizations to detect and respond to security incidents, manage vulnerabilities, and maintain compliance with NIS 2 requirements.

Frequently Asked Questions

The Network and Information Security (NIS) Directive is an EU-wide cybersecurity legislation that aims to achieve a high, common level of cybersecurity for essential services providers across the Member States. The proposed NIS 2 Directive rescinds the original NIS Directive and creates a more extensive and standardised set of cybersecurity requirements. NIS 2 encompasses some major changes, which include a wider scope of coverage, strengthened security requirements, increased collaboration, and faster incident reporting.

The NIS 2 Directive applies to any organization with more than 50 employees whose annual turnover exceeds €10 million, and to any organization previously covered by the original NIS Directive. NIS 2 widens its scope to cover additional essential services, including electronic communications, digital services, space, waste management, food, critical product manufacturing (e.g., pharmaceuticals), postal services, and public administration.

Penalties for noncompliance with NIS 2 include fines of €10 million or 2% of the organization’s total worldwide turnover—whichever of these numbers is higher. These fines mirror those imposed for GDPR violations. NIS 2 represents a significant leap in cybersecurity requirements and therefore should be treated as seriously as GDPR.

While NIS 2 will not apply to organizations in the UK directly, the UK government announced on November 20, 2022, that the UK’s Network and Information Systems (NIS) regulations will be strengthened to align with NIS 2 in many areas, further protecting essential services against digital threats such as cyberattacks.

Under NIS 2, organizations must take appropriate and proportionate measures to manage the technical and operational risks to the network and information systems they rely on for operations or the provision of services. These measures include:

  • Ensuring basic cyber hygiene practices
  • Implementing risk analysis and information system security policies
  • Establishing incident handling protocols
  • Providing mandatory training for senior management
  • Implementing a disaster recovery plan
  • Introducing supply chain and network security measures
  • Using encryption
  • Strictly enforcing multi-factor identity verification
  • Securing communications

