WHICH COMPANIES DOES THE NIS2 DIRECTIVE APPLY TO?

  • 50 or more employees
  • Annual turnover > € 10 million
  • Service from selected sectors (see below)

The NIS2 Directive extends the obligations to new entities beyond those originally covered. It includes large and medium-sized enterprises providing services in any of the following sectors:

  • Health
  • ICT service management
  • Waste management
  • Transport
  • Public administration
  • Chemical industry
  • Energy
  • Space
  • Food
  • Banking
  • Water and atmosphere
  • Digital services
  • Financial markets
  • Manufacturing - selected sectors
  • Postal and parcel services
  • Digital infrastructure
  • Research

NIS2 applies to me. What should I do next?

Every organization affected by NIS2 should take the following steps. We can offer you a helping hand with a free personal consultation. Do not hesitate to contact us.

1. GAP analysis
2. Risk analysis: Identification and assessment of risks
3. BIA and BCM impact studies: Business Impact Analysis and Business Continuity Management
4. Risk management plan: Comprehensive security strategy with added value
5. Implementation of measures: Technical, personnel, and organizational measures
6. Measures effectiveness evaluation and audit

Why NIS2 with Soitron?

  • We guide you through the entire process of implementing security measures and ensuring compliance with applicable legislation.
  • We provide you with a comprehensive view of security within your company.
  • We can help you with any human resources gaps for specific security positions.
  • With us, your data is reliably protected at the highest level in accordance with current legislation.
  • We have two certified top-level cybersecurity auditors.
  • Our team consists of cyber security professionals with numerous security certifications.
  • We hold ISO certificates and Slovak and Czech National Security Agencies’ industrial security clearance.
  • We offer a wide range of security solutions backed by years of experience.
  • Thanks to our multinational presence, we are able to meet a wide range of different requirements and adapt to the local context.

FAQ about NIS2 or what you need to know about the Directive

What is the NIS2 Directive?

The Network and Information Systems Directive 2 (NIS2) is updated EU legislation that replaces the original NIS Directive. It aims to enhance the level of cyber security in EU Member States and improve the protection of the infrastructure of critical and essential entities.

Who does the NIS2 Directive apply to?

Compared to the original NIS Directive, NIS2 broadens the scope of application. It now covers a wider range of sectors, including health, energy, transport, waste and water management, and financial and digital services such as cloud providers and online marketplaces. In the manufacturing sector, the NIS2 Directive affects manufacturers of medical devices, machinery, electronic equipment, motor vehicles and other means of transport. It is estimated that the NIS2 Directive affects about 7,000 organizations in Slovakia.

What measures should organizations take under NIS2?

Organizations should, for example:

  • Identify and record security incidents.
  • Develop incident response procedures and recovery plans.
  • Conduct a comprehensive risk analysis.
  • Implement an adequate set of security measures.
  • Appoint a cybersecurity officer and a person responsible for receiving and recording reports.
  • Provide regular training for staff on cyber security.

Leave the implementation to the experts. Contact Soitron.

What will be the penalties for non-compliance?

Failure to comply with the requirements can lead to significant financial penalties. For critical service operators, fines can reach up to € 10 million or 2 % of net global annual turnover, whichever is higher. For essential service operators, the fine can go up to € 7 million or 1.4 % of turnover. The supervisory authority has the option to impose repeated fines up to double the stated limits (up to a maximum of € 20 million). For critical service providers, penalties can also include a ban on holding statutory positions.

When will the new obligations come into effect?

The planned effective date is January 1, 2025. The newly obligated organizations will have 12 months to comply with all the requirements.

How will NIS2 affect small and medium-sized enterprises (SMEs)?

NIS2 primarily targets larger organizations and those that provide key services. However, some SMEs that are critical to specific sectors or supply chains may also be required to comply with the Directive.

Free consultation

Not sure where to start? Leave us your contact details and one of our experts will get in touch to help identify the steps your company should take and how we can help.