Question 1

What is the NIS2 Directive?

Accepted Answer

NIS2 is the EU’s second directive to strengthen network and information security in the European Economic Area. It was first adopted by the EU Parliament in 2022 and still needs to be transposed into national law by the Member States, with the deadline approaching in 2025. The directive will affect a total of 18 sectors.

Question 2

What companies does NIS2 apply to?

Accepted Answer

NIS2 defines 11 sectors as essential entities and 7 others as important entities. Only companies with at least 50 employees and an annual turnover of €50 million will be affected. Irrespective of their size, essential entities also include digital infrastructure providers as well as public administrators and operators whose failure would have a significant impact on society, the economy and security.

Question 3

What does the acronym ‘NIS’ stand for?

Accepted Answer

NIS stands for ‘Network and Information Security’. It is an EU directive designed to strengthen cybersecurity in the European Economic Area. The first NIS Directive was adopted by the EU Parliament in 2016. The second version of the directive (NIS2), which builds on the first, was introduced in 2022.

Question 4

What does the new NIS Directive aim to achieve?

Accepted Answer

The new NIS Directive, NIS2, aim to improve cyber-resilience, i.e. protection against cyberattacks, in all affected sectors. The aim is to achieve a high and consistent level of security across the EU. To achieve this, Member States will cooperate more closely in the future by sharing information and data. This will also enhance supply chain security in all affected sectors.

Question 5

What is NIS1?

Accepted Answer

NIS1 was the first EU-wide directive on cybersecurity and was adopted in 2016. The aim was to increase resilience to cyber threats in the EU by standardizing security measures. However, businesses still need help to implement the directive due to its unclear requirements. Critics also complained that it was too limited in scope, as it applied to too few sectors.

Question 6

What changed from NIS1 to NIS2?

Accepted Answer

One of the most significant changes in NIS2 is its expanded scope. This means that it now applies to a much more comprehensive range of organizations and sectors, including smaller companies and providers of digital infrastructure. In addition, the security requirements imposed by the directive are significantly stricter. They now cover the entire supply chain. Finally, NIS2 gives national authorities greater scope to impose sanctions and exercise more oversight.

Question 7

My company is already ISO 27001 certified. What do I need to do now?

Accepted Answer

It’s a good first step, but the ISO 27001 requirements only cover 70% of NIS2. The new EU directive extends the requirements for risk and asset management and business continuity plans. It also requires companies to put in place standardized incident reporting processes. Finally, NIS2 imposes greater liability on board members and CEOs. This means that they will need to be more involved in security processes than before and will therefore need to receive appropriate training.

Question 8

Does the NIS2 Directive apply to UK companies?

Accepted Answer

The short answer is no. The UK is not implementing NIS2 as it is no longer bound by EU legislation. But the UK is making changes in its existing cybersecurity laws, such as adding managed service providers to the scope of the NIS regulations. Or including more supply chain security-related policies or increasing the obligations for incident reporting.

Question 9

What do I need to do about NIS as a UK business operating in the EU?

Accepted Answer

The good news is that if your organization is already ISO 27001 certified, you have already taken significant steps towards becoming NIS2 compliant. In fact, by building an ISO 27001-compliant ISMS, you complete 70% of the NIS2 requirements. These requirements include risk management, corporate accountability, reporting obligations and business continuity.

Ensure full compliance with the NIS2 Directive

Join 4,000+ companies who are driving their security and compliance objectives with DataGuard

Why businesses rely on DataGuard for NIS2 compliance

Accelerated NIS2 compliance

Comprehensive risk management

Pre-mapped NIS2 framework

Continuous compliance monitoring

Cut risks and workload –achieve NIS2 compliance faster

100%

100 hours

50%

Get in the fast lane for NIS26 steps to compliance and ongoing risk mitigation

Discover how you can achieve your security & compliance objectives with DataGuard.

Frequently asked questions about NIS2

What is the NIS2 Directive?

What companies does NIS2 apply to?

What does the acronym ‘NIS’ stand for?

What does the new NIS Directive aim to achieve?

What is NIS1?

What changed from NIS1 to NIS2?

My company is already ISO 27001 certified. What do I need to do now?

Does the NIS2 Directive apply to UK companies?

What do I need to do about NIS as a UK business operating in the EU?

Relevant resources

NIS2 and ISO 27001: Your path to security compliance

What every business in the EU needs to know about the NIS2 Directive

How NIS2 strengthens cybersecurity

How to prepare for NIS2

Fast-track NIS2 compliance now

How can we help?Contact us.

Products

Platform

Frameworks

Solutions

Resources

Company