NIS2

NIS2 Directive

NIS2 (Network and Information Security Directive 2) is an updated version of the first NIS (Network and Information Security Directive) from 2016.

What is it?

NIS2 (Network and Information Security Directive 2) is an updated version of the first NIS (Network and Information Security Directive) of 2016. NIS2 is designed to strengthen cyber security in the EU and increase the resilience and safeguards of key sectors of the economy in the face of a growing number of cyber threats.
NIS2 objectives

Key objectives

NIS2 (Network and Information Security Directive 2) is an updated version of the first NIS (Network and Information Security Directive) from 2016.
01

Raising the level of cyber security in the EU:

The directive expands the scope of sectors and entities covered by cyber security obligations.
Establishes minimum requirements for risk management and incident response.
02

Expanding the range of regulated entities:

It covers more key and important sectors, such as energy, transport, health, finance, public administration, digital service providers or water management.
03

Harmonisation of regulations across EU Member States:

NIS2 introduces uniform standards and principles to improve cooperation between Member States in responding to threats and incidents.
04

Increasing the responsibility of actors:

Imposes technical and organisational security measures.
lead the obligation to report security incidents with a specific impact.
05

International cooperation and information exchange:

Promotes cooperation between EU institutions and Member States in preventing and responding to cyber threats.
Time of introduction

Dates

The NIS2 Directive (Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022) entered into force on 16 January 2023. European Union member states had until 17 October 2024 to implement it into their national law. In Poland, the implementation of NIS2 will take place on the basis of an amendment to the Act on the National Cyber Security System.
For whom

Who is affected?

The NIS2 Directive covers 11 focal sectors and 8 important sectors, which are considered vital for the functioning of the economy, society and security of the Member States of the European Union

Key sectors: Operators in these sectors are critical to the functioning of critical infrastructure and the economy. They are subject to more stringent requirements.

Energy sector:

Electricity (generation, transmission, distribution, supply);
Petroleum (production, processing, transport, distribution);
Natural gas (production, storage, distribution, LNG, transport)

Transport sector:

Aviation (airlines, airspace management);
Railways (operators and infrastructure managers);
Water transport (maritime and inland waterways, ports and transport operators); 
Road (operators of key transport services)

Banking sector:

Banks that provide key services within the financial system.

Financial markets infrastructure:

Stock exchanges
Payment institutions and payment settlement infrastructures

Health sector:

Hospitals, clinics, health facilities;
Manufacturers of medical devices

Drinking water and waste water management:

Purification, treatment and distribution of drinking water; Wastewater and water waste management
Purification, treatment and distribution of drinking water;

Digital services:

Data centre service providers;
Cloud service providers (Cloud Computing);
Operators of Internet Exchange Points (IXPs);
Internet domain name registries and DNS providers

Not sure if the NIS2 Directive applies to your company?

Our expert support will help you assess whether your organisation meets the criteria and what action you need to take to comply with the new regulations.
Whether you operate in the energy sector, transport, finance or another key area, our specialists will explain which NIS2 requirements apply to you.

Why get in touch?
We will analyse your situation and identify specific responsibilities.
We will advise you on the steps you need to take to avoid penalties and comply with legal requirements.
You will receive customised solutions tailored to your industry.
Sectors of importance. Operators in these sectors also have to comply with regulations, but the requirements are less stringent compared to the focal sectors.

Post and courier services:

Operators providing large-scale parcel services.

Waste management:

Companies involved in the disposal and recycling of waste, including hazardous waste.

Chemicals production:

Production of basic chemicals, fertilisers, petrochemicals.

Production of pharmaceutical products:

Manufacturers of medicines, vaccines, pharmaceutical actives.

Food production:

Food processing plants and producers of key food commodities.

Production of electronic devices:

Manufacturers of IT components, microprocessors, integrated circuits.

Public administration:

Key administrative institutions at national and regional level.

Digital services:

Online platforms (e.g. e-commerce shops, search engines, social media platforms)
Data processing services (cloud computing)

Not sure if the NIS2 Directive applies to your company?

Why get in touch?
We will analyse your situation and identify specific responsibilities.
We will advise you on the steps you need to take to avoid penalties and comply with legal requirements.
You will receive customised solutions tailored to your industry.
Requirements

How to meet the requirements?

The solutions we offer make it possible to comply comprehensively with the requirements flowing from the NIS2 directive.
NIS2 articles
Related NIS2 requirements
Solution
How does it meet the NIS2 requirement?
- Implementation of technical and organisational security measures
- Reporting of incidents
- Protecting IT systems from cyber threats
- Detecting, responding to and removing threats at the tips
- Real-time monitoring of user and application activity
Endpoint Detection and Response (EDR)
Solution
It monitors end devices in real time, enables rapid response to threats and helps report and remedy incidents.
- Access control and identity management - Measures to prevent unauthorised access
- Management of privileged users to minimise risks
- Controlling access to critical systems
- Monitoring the activities of privileged users
Privileged Access/User Management (PAM)
Solution
Protects critical systems by restricting access to privileged users and monitoring their activities, minimising risk.
- Cooperation and exchange of information on risks
- Risk analysis at sector level
- Risk monitoring for proactive response
- Sharing threat information between actors
- Analysis of trends and potential attacks
Cyber Threat Intelligence (CTI)
Solution
It enables the identification of future threats, the exchange of information with partners and the creation of strategies to prevent attacks.
- Measures to protect IT equipment and data
- Minimising the impact of incidents
- Securing mobile devices, including applications and data
- Preventing data leakage from mobile devices
Mobile Device Management (MDM)
Solution
It ensures the security of mobile devices, preventing data leakage and ensuring compliance with IT infrastructure protection requirements.
- IT risk management and infrastructure protection
- Continuous monitoring of risks
- Protection of Internet connection points (firewalls, IDS/IPS)
- Blocking of network traffic from identified threats
Unified Threat Management (UTM) / Next Generation Firewalls (NGFW)
Solution
It enables effective blocking of network threats and protection of key access points in the IT infrastructure.
- Monitoring and detection of threats
- Minimising the impact of incidents
- Detection of attempted attacks on the network or systems
- Diverting attackers' attention from critical systems
Deception and honeypots
Solution
It allows attacks to be detected and identified quickly, while redirecting attackers away from critical systems.
- Testing and auditing of security measures
- Minimising gaps and exposure to risks
- Identification of vulnerabilities against potential attacks
- Regular testing of IT systems to ensure their security
Automated penetration tests
Solution
It regularly tests systems to identify security vulnerabilities and ensure compliance with security requirements.
- Protection of data integrity
- Prevention of information loss
- Preventing leaks of sensitive data
- Monitoring and controlling the flow of information within the organisation
Data Loss Prevention (DLP)
Solution
It monitors the flow of information within the organisation, protecting against sensitive data leaks and unauthorised access.
- Ensuring availability of critical services
- Minimising the impact of incidents
- Ensuring business continuity of IT systems
- Reducing the impact of DDoS attacks
Load balancing
Solution
It guarantees the continuity of key services, distributing network traffic and reducing the risk of congestion from DDoS attacks.
- Monitoring and analysis of network traffic
- Minimising encryption risks
- Decryption and inspection of encrypted traffic to detect threats
- Increasing the efficiency of security systems
SSL Offloading
Solution
It enables inspection of encrypted traffic and detection of threats, while relieving the burden on other security systems.
- Risk assessment in the supply chain
- Requirements for subcontractors
- Security analysis of suppliers and partners
- Risk management in the ecosystem
Risk assessment in the supply chain / subcontractors
Solution
It supports the risk assessment and security compliance of partners and suppliers, helping to protect the entire ecosystem of the organisation.
- Monitoring and detection of threats
- Incident reporting and analysis
- Collection, storage and analysis of logs
- Automatic incident detection
- Facilitate root cause analysis and incident response
Log Manager / SIEM system
Solution
It provides end-to-end security management through log analysis, incident identification and reporting support.