Frequently Asked Questions

The Network and Information Security (NIS) Directive is an EU-wide cybersecurity legislation that aims to achieve a high, common level of cybersecurity for essential services providers across the Member States. The proposed NIS 2 Directive rescinds the original NIS Directive and creates a more extensive and standardised set of cybersecurity requirements. NIS 2 encompasses some major changes, which include a wider scope of coverage, strengthened security requirements, increased collaboration, and faster incident reporting.

The NIS 2 Directive applies to any organization with more than 50 employees whose annual turnover exceeds €10 million and any organization previously included in the original NIS Directive.  NIS 2 increases its scope to cover additional essential services, including electronic communications, digital services, space, waste management, food, critical product manufacturing (i.e., pharmaceuticals), postal services, and public administration.

Penalties for noncompliance with NIS 2 include fines of €10 million or 2% of the organization’s total worldwide turnover—whichever of these numbers is higher. These fines mirror those imposed for GDPR violations. NIS 2 represents a significant leap in cybersecurity requirements and therefore should be treated as seriously as GDPR.

While NIS 2 will not apply to organizations in the UK directly, the UK government announced on November 20, 2022 that the UK’s Network and Information Systems (NIS) regulations will be strengthened to allow for NIS 2 alignment in many areas to further protect essential services against digital threats like cyberattacks.

Under NIS 2, organizations must take appropriate and proportionate measures to manage the technical and operational risks to the network and information systems they rely on for operations or the provision of services. These measures include:

  • Ensuring basic computer hygiene (cybersecurity) practices
  • Implementing risk analysis and information system security policies
  • Incident handling protocols
  • Mandatory training for higher management
  • Implementation of a disaster recovery plan
  • Introducing supply chain and network security measures
  • Encryption
  • Strict use of multi-factor identity verification
  • Secure communications



Get started.

It’s easy to start ensuring regulatory compliance and effectively managing risk with Kiteworks. Join the thousands of organizations who feel confident in their content communications platform today. Select an option below.


Avec Kiteworks, se mettre en conformité règlementaire et bien gérer les risques devient un jeu d’enfant. Rejoignez dès maintenant les milliers de professionnels qui ont confiance en leur plateforme de communication de contenu. Cliquez sur une des options ci-dessous.

Jetzt loslegen.

Mit Kiteworks ist es einfach, die Einhaltung von Vorschriften zu gewährleisten und Risiken effektiv zu managen. Schließen Sie sich den Tausenden von Unternehmen an, die sich schon heute auf ihre Content-Kommunikationsplattform verlassen können. Wählen Sie unten eine Option.

Get A Demo