NIS2: What is it and what do you need to do?

According to the World Economic Forum’s (WEF) 2023 Global Risks Report, cybersecurity is in the current and future top 10 risks globally, and the cost of cybercrime is projected to hit an annual US$10.5 trillion by 2025. To protect themselves, businesses and individuals, legislators worldwide are introducing and updating regulations to counter this significant threat. In the European Union, the latest piece of legislation aiming to achieve this is the Network and Information Systems Directive (NIS) 2. 

What is NIS2?

NIS2 is an updated regulatory framework established by the European Union aimed at enhancing the security and resilience of essential services and digital infrastructure across member states. The NIS2 Directive builds upon the original NIS Directive, expanding its scope and introducing stricter security requirements. As cyber threats continue to evolve, NIS2 represents a significant step forward in safeguarding critical operations against disruptions and cyberattacks.

What is the aim of NIS2?

NIS2 aims to bolster the overall security posture of businesses across the EU by establishing a harmonized framework for cybersecurity. The Directive seeks to ensure that organizations within its scope adopt robust security measures, maintain a high level of resilience, and are prepared to respond effectively to incidents. By enhancing cooperation and information sharing among member states, NIS2 also aims to create a more coordinated response to cybersecurity threats at the EU level.

What are the key requirements of NIS2 and when does it come into effect?

NIS2 introduces several key requirements for organizations, including:

NIS2 is set to come into effect in 2024, with member states required to transpose the Directive into national law by October 2024. Organizations within its scope must ensure compliance by this deadline to avoid potential penalties.

Who has to comply with NIS2?

NIS2 categorizes organizations into two main groups: essential and important entities.

• Essential entities include sectors such as energy, transport, banking, financial market infrastructures, health, drinking water, digital infrastructure and public administration.
• Important entities cover other sectors like postal services, waste management, chemicals, food and manufacturing.

Both groups have specific size thresholds, although it is worth noting that an entity may still be considered “essential” or “important” even if it does not meet the size criteria. This can be the case if it is the sole provider of a critical service for societal or economic activity in a member state.

What are some of the key requirements of the NIS2 Directive?

Ensure NIS2 compliance with CloudM Backup

At CloudM, we understand the critical importance of secure and reliable data backups. Our solutions are designed to help businesses meet the stringent requirements of NIS2 with ease.

CloudM offers secure backup solutions that ensure your business data is protected against all threats. Our services include:

• Secure encryption in transit and at rest: we use advanced encryption protocols to protect your data at all stages, ensuring compliance with ISO 27001.
• Broad and granular restoration options: Whether you need a mass restore, folder restoration, or item-specific recovery, CloudM provides flexible options to suit your needs and ensure you can restore crucial files when you need to.
• User-friendly dashboards and secure audit logs: ensure your backup policies and processes are in line with internal guidelines and external regulatory requirements using CloudM Backup’s extensive logs, reporting dashboards and notifications.