NIS 2 Cheatsheet
What?
The EU is trying to make the internet a safer place, and NIS 2 is part of that. The NIS 2 Directive sets the framework for cybersecurity in Europe, creating a set of rules and guidelines that companies in key industries need to follow. NIS 2 builds on the existing Network and Information Security (NIS) Directive but brings several differences, such as extended scope, harmonized security measures, better cooperation among member states, and penalties for noncompliance. In practice, this means that companies will be required to start paying attention to cybersecurity, including using software like the one Blackshell sells.
When?
The NIS 2 Directive must be implemented by EU member states by October 18, 2024. This means that countries in the EU are required to transpose the directive into their national laws by this date and ensure that organizations within its scope comply with the new regulations.
Who?
The NIS 2 Directive divides companies into three categories, based on their contribution to the economy and security of their country.
Essential Entities
- Critical for supporting key societal and economic activities
- Must undergo a cybersecurity audit within the first year, then every two years
- Subject to stricter security measures due to their impact on national security and infrastructure
- Must check the security of their suppliers, including cloud, DNS, and data center services
Important Entities
- Play an important role in the economy and society but aren't as critical
- Security measures are scaled to match their risks and size
- Need to implement appropriate security measures but with more flexibility
- Must create business continuity plans, including disaster recovery, to reduce the impact of incidents on operations
Other Entities
- Non-essential companies may be regulated if they provide critical services
- Service disruptions affecting public safety or health could bring them under regulation
- Companies with cross-border risks may also be included
- Key players in important sectors might still face security measures if identified by the governmental body in their country