NIS2 requirements
Oct 28, 2024 | Digital & Product Solutions / Cyber Security
Compliance with NIS2 requirements
Cyberattacks in 2024 have become a daily occurrence, and their impact on organizations can be devastating. To address these challenges, the EU has designed the new cyber legislation NIS2. As a cybersecurity expert, DEKRA also offers certifications that are part of demonstrating compliance with NIS2 requirements. These include parts of ISO 27001 and IEC 62443 combined with additional documentation. In this blog, we discuss why DEKRA is the authority in NIS2 compliance and how we help organizations ensure their cybersecurity.
What is NIS2?
NIS2 (Network and Information Systems Directive) is a piece of European cyber legislation and the successor to the original NIS legislation, which was introduced in 2016. This legislation focuses on raising the security level of network and information systems within the EU, particularly for companies providing essential services such as energy, transport, and healthcare. The expansion to NIS2 extends the scope to other sectors, such as the food industry, financial sector, and public services.
To what sectors are NIS2 requirements applicable?
- Manufacturing
- Energy
- Transport
- Banking
- Financial market infrastructure
- Healthcare
- Drinking water
- Digital infrastructure
- ICT service providers
- Wastewater
- Public administration
- Local authorities
- Space
- Digital service providers
- Postal and courier services
- Waste management
- Food industry
- Chemical substances
- Research
In the Netherlands, the NIS2 directive comes into effect in July 2025. The European implementation date for the NIS2 directive and its requirements is also set for July 1, 2025.
An important aspect of NIS2 is the emphasis on the responsibility of organizations to map and address cybersecurity risks within their supply chain. This means that companies must not only secure their own systems but also those of their partners and suppliers, encompassing the entire chain. The ultimate goal is to create a more resilient digital ecosystem, significantly reducing the risk of disruptions due to cyberattacks.
How to comply with the NIS2 requirements?
- Duty of Care: Organizations must conduct a risk assessment and take appropriate measures to secure their services based on this assessment.
- Reporting Obligation: Incidents must be reported to the supervisory authority within 24 hours. A cyber incident must also be reported to the Computer Security Incident Response Team (CSIRT), which can provide assistance and support.
- Supervision: An independent supervisor will oversee compliance with the obligations of the directive.
DEKRA’s expertise in cybersecurity
DEKRA has positioned itself as a leading expert in the field of cybersecurity. With the in-depth knowledge and extensive experience of our experts, DEKRA offers a wide range of services to support organizations in complying with the NIS2 requirements. Here are some of the reasons why DEKRA is considered the authority in this field:
How DEKRA assists organizations with NIS2 requirements
Complying with the NIS2 requirements can be a challenging process, but DEKRA offers a structured approach to guide organizations through it. Here are some steps DEKRA takes to help organizations achieve NIS2 compliance:
1. Risk analysis: DEKRA starts with a comprehensive risk and gap analysis to evaluate the current state of affairs. This includes identifying potential weaknesses and assessing the effectiveness of existing security measures.
2. Implementation of security measures: Based on the findings from the analyses, DEKRA helps organizations implement the necessary security measures. This can range from policy adjustments to personnel training.
3. Continuous monitoring and evaluation: NIS2 compliance requires continuous monitoring and evaluation of security measures. DEKRA offers services for regular audits and assessments to ensure that organizations remain compliant with the NIS2 requirements and can quickly respond to new threats.
4. Incident response and recovery: In the event of a security incident, a swift and effective response is crucial. DEKRA helps organizations develop and evaluate incident response plans and recovery strategies to minimize the impact of incidents and quickly return to operational status.
Contact us for more information
NIS2 compliance is a complex and ongoing process that requires organizations to continuously evaluate and improve their security measures. DEKRA's extensive expertise, in-depth knowledge of regulations and standards, and years of experience in cybersecurity make us the authority on NIS2 compliance. By partnering with DEKRA, organizations can not only comply with the NIS2 requirements but also enhance their overall cybersecurity and be better prepared for the challenges of the digital future.
For more information on how DEKRA can assist your organization with NIS2 compliance, feel free to contact one of our experts.
