Network and Information Security Directive (NIS2)
The Network and Information Security Directive version 2 (NIS2) is an EU law describing legal measures aimed at increasing the overall level of cybersecurity in the EU.
EU member states are obliged to implement NIS2 in their national legislation by 17 October 2024. The EU companies covered by NIS2 must comply with the directive. Bureau Veritas is ready to help you.
Understanding the NIS2 Directive
NIS2 extends the NIS1 Directive: it expands the scope to include more sectors and introduces stricter requirements and stricter penalties for non-compliance than NIS1.
Apart from a few exceptions, the directive applies to medium-sized and large companies with more than 50 employees and an annual turnover of €10 million in various sectors such as health, transport, digital services & infrastructure, banking & finance, and food.
The main objective of NIS2 is to promote cybersecurity and ensure the resilience of essential services in three key areas:
Risk and incident management: NIS2 stipulates that companies must conduct regular risk assessments to identify potential threats, and that they must have effective incident-handling measures so that they can respond to and recover from cyber incidents.
Security measures: NIS2 requires businesses to implement technical and organisational measures to ensure the security of their networks and information systems. This includes access control, encryption, and regular security updates.
Reporting: Companies must report significant cyber incidents to relevant authorities.
What companies need to know
The NIS2 Directive applies more broadly and covers more sectors than NIS1. It also applies to companies operating or carrying out activities for EU companies within the scope. Among the covered areas are internet service providers, energy suppliers, utility companies, waste handling companies, banks, transporters, healthcare institutions, food production factories and digital infrastructure providers.
Failure to comply with the directive can be costly. Under NIS2, national authorities can impose a wider range of sanctions compared to NIS. For example:
- CEOs and management can be held personally responsible for shortcomings in connection with the implementation.
- Fines can be as high as €10 million or 2% of the total turnover (for essential entities) or up to €7 million or 1.4% of the total turnover (for important entities).
- Authorities can suspend business operations for safety reasons.
Which sectors are covered by NIS2?

NIS2 solutions at Bureau Veritas
Our experts are ready to help your business comply with the requirements of the NIS2 directive, wherever your company might be on its cybersecurity journey. The solutions include:
Check if your company is covered by NIS2: The first step is to check if NIS2 applies to your company. NIS2 applies to important and essential entities. Whether a company is classified as important or essential depends on the size of the company, and the sector in which it operates.
Training of the board and company staff: Training your employees, also at board level, is an important part of the NIS2 directive. Bureau Veritas has developed NIS2 management training and a SAFE Awareness Program to help meet the requirements.
Map out your company's current situation: To determine which steps need to be taken to meet the requirements of NIS2, the security level in the company's various departments should be mapped. A possible solution is a NIS2 GAP analysis, which shows the company's current security state and where the company should be. With this insight, you are ready to take the next step towards becoming NIS2 compliant.
Implement improvements: After mapping out where your business is, necessary improvement measures can be implemented. Our wide range of solutions, including CISO support and incident reporting, assist you in both the implementation and interpretation of the measures.
Become NIS2 compliant: After completing the steps above, you will comply with the NIS2 directive, and your company will be better prepared against cyber threats. With Bureau Veritas as your partner, you get access to our experts, who will support you throughout the process.
What are the benefits of complying with NIS2?
Compliance is mandatory for some businesses, but NIS2 compliance also brings benefits such as:
- Improved resilience against cyberattacks and improved handling of cyber threats
- Increased understanding of cyber risks across the whole organisation
- Improved incident management and reporting
Why choose Bureau Veritas to help with NIS2 compliance?
- You get access to an experienced team with years of experience in governance, risk and compliance
- We have a range of solutions specifically designed to help you comply with NIS2 requirements
- We are cybersecurity experts in the fields of people, processes and technology
- You get a dedicated contact person
- We present a clear roadmap to you on how to become and remain NIS2 compliant
- You get an experienced partner, who is a world leader in inspection, testing and certification
FAQ
- How is NIS2 different from NIS?
- Summing up the most important requirements in NIS2?
- How does NIS2 relate to ISO 27001?
Do you need our help?
You are welcome to contact us if you are facing an issue we need to look at together.
Peter Worck, Sales & Training Manager
+45 2250 6708 | peter.worck@bureauveritas.com