A summary of the NIS 2 ‘essentials’

We receive a lot of questions from clients about the NIS 2 directive. What is it and what is its purpose? How is it different from NIS 1? Does NIS 2 apply to my organization? What steps do I need to take to be in compliance? Isn't there an overlap with the GDPR?

Admittedly, the documentation available today often does not create clarity.

We therefore attempt to list the most essential points relatively concisely.

What does the name NIS2 Directive mean?

Directive version 2 for Network and Information Systems.

Milestones

  • In 2016, the European Parliament adopted the NIS 1 Directive, officially published in the Official Journal of the European Union.
  • The NIS 1 directive came into effect in 2019.
  • A revised version, known as the NIS 2 directive, was adopted and published on November 10, 2022.
  • Subsequently, member states were granted 21 months to integrate this European directive into their respective national legislation. To be precise, all EU member states are required to incorporate the NIS 2 directive into their legislation by October 17, 2024, for it to become enforceable.

The rationale and objectives of NIS 1

The NIS 1 directive aimed to identify so-called 'essential' sectors, where the failure of services could lead to a significant disruption of economic activities and public services, thus endangering the safety of the population.

  • Providers of essential services (AEDs) or operators of essential services (OESs) were required to take technical and organizational measures to reduce risks to the security of network and information systems. 
  • In addition, it also applied (to some extent) to digital service providers (DSPs).


While this first version represented a major step forward in standardizing security for major European companies, it did not take into account subcontractors and local governments, both of which have been hit hard by security incidents in recent years.


However, cyber attacks are becoming more sophisticated and numerous. The need for a second version of the directive was pressing. 

The NIS 2 directive builds on NIS 1. But what has changed, and does the NIS 2 directive apply to your organization?

Download the complete White Paper | The Essentials of the NIS 2 Directive


Good to know: AXS Guard is launching Observe & Protect, AXS Guard's Managed Service solution. It is a reliable and complete solution that works, even without in-house cyber security specialists. Since AXS Guard itself is working on its ISO 27001 certification and we have cybersecurity expertise like no other, feel free to contact us so we can take the first steps towards NIS 2 compliance together.

