NIS 2

The new EU cybersecurity legislation.

Is your organisation active in one of the industries classed as crucial for Dutch society? If so, you must comply with the new NIS 2 Directive, which is the new European Union cybersecurity legislation designed to better protect organisations from cyberattacks.

 


Not sure if your organisation is impacted by the NIS 2 Directive?

Many businesses and organisations aren’t sure if NIS 2 applies to them or not. Check now to see if you’re affected.


NIS 2 – Important points at a glance.

We’ll keep you up-to-date on all things NIS 2 right here. Looking for a practical overview for future reference or to share with your colleagues? Our free infographic gives you exactly that. Simply save the file so you always have the most important points to hand.


What is NIS 2?

NIS stands for Network and Information Security, and the directive focuses on critical companies such as those in the water and telecommunications industries. The European Union recently concluded that the 2016 Directive for the security of networks and information systems no longer cut the mustard and has therefore been working on the new and updated NIS 2, which goes a step further by boosting security requirements across Europe to cover a greater number of industries.

The directive focuses on:

  • Toughening security requirements
  • Improving supply chain security
  • Optimising and streamlining reporting requirements
  • Stricter monitoring
  • Introducing more stringent enforcement requirements and coordinating penalties across EU member states

What are the directive’s provisions? 


Every organisation affected by the NIS 2 Directive is obliged to comply with some essential minimum requirements, including those related to crisis management in the event of a considerable cyber incident and the use of cryptography and encryption.

 

These companies also have a very strict obligation to report incidents within 24 hours of becoming aware that an incident has taken place, and to follow that up within a month with a comprehensive report.

Which sectors are affected?

Previously, the directive only applied to healthcare, transportation, banking and financial market infrastructure, water, energy, and digital infrastructure providers, but the new NIS 2 Directive has expanded its scope to cover organisations that are critical to society, such as:

  • Telecommunications and energy providers
  • Railway operators
  • Waste and water management companies
  • Financial services
  • Post and courier services
  • Manufacturers of medical devices
  • Public administration.