The NIS2 Directive aims to enhance cybersecurity across the EU. NIS2, a revised version of the original Network and Information Security Directive, expands the scope and requirements for critical infrastructure sectors and digital services, mandating enhanced security measures and reporting obligations.

Organizations can strengthen their cybersecurity posture, promote transparency, and avoid potential penalties by following these NIS2 compliance best practices:

  1. Conduct regular risk assessments
  2. Implement a comprehensive incident response plan
  3. Establish strong access controls
  4. Perform security audits and penetration testing
  5. Provide ongoing cybersecurity training
  6. Establish a vulnerability management program
  7. Implement data protection measures
  8. Establish metrics and reporting mechanisms

Here is the entire NIS2 Compliance checklist.

Frequently Asked Questions

The Network and Information Security (NIS) Directive is an EU-wide cybersecurity legislation that aims to achieve a high, common level of cybersecurity for essential services providers across the Member States. The proposed NIS 2 Directive rescinds the original NIS Directive and creates a more extensive and standardised set of cybersecurity requirements. NIS 2 encompasses some major changes, which include a wider scope of coverage, strengthened security requirements, increased collaboration, and faster incident reporting.

The NIS 2 Directive applies to any organization with more than 50 employees whose annual turnover exceeds €10 million, and to any organization previously included in the original NIS Directive. NIS 2 widens its scope to cover additional essential services, including electronic communications, digital services, space, waste management, food, critical product manufacturing (e.g., pharmaceuticals), postal services, and public administration.

Penalties for noncompliance with NIS 2 include fines of €10 million or 2% of the organization’s total worldwide turnover—whichever of these numbers is higher. These fines mirror those imposed for GDPR violations. NIS 2 represents a significant leap in cybersecurity requirements and therefore should be treated as seriously as GDPR.

While NIS 2 will not apply to organizations in the UK directly, the UK government announced on November 20, 2022 that the UK’s Network and Information Security (NIS) regulations will be strengthened to allow for NIS 2 alignment in many areas to further protect essential services against digital threats like cyberattacks.

Under NIS 2, organizations must take appropriate and proportionate measures to manage the technical and operational risks to the network and information systems they rely on for operations or the provision of services. These measures include:

  • Basic computer hygiene (cybersecurity) practices
  • Risk analysis and information system security policies
  • Incident handling protocols
  • Mandatory cybersecurity training for senior management
  • A disaster recovery plan
  • Supply chain and network security measures
  • Encryption
  • Strict use of multi-factor identity verification
  • Secure communications
