
NIS2 explained
On this page, you will find NIS2 PDFs and more information about the directive.

NIS2 PDF
Everything you need to know about the NIS2 directive
The NIS2 directive, a piece of European cybersecurity legislation, enables organizations to increase their digital resilience. Are you looking for a clear and downloadable NIS2 PDF document? DEKRA offers this in the form of downloadable white papers. These provide an overview of the directive, obligations, supply chain, and standards such as ISO 27001 and IEC 62443. Below you can read about the basic features of NIS2.
What is NIS2?
The NIS2 Directive is the successor to the original NIS legislation from 2016. Its aim is to increase the security of network and information systems in the EU, both for organizations that provide essential services and for important entities. Who does it apply to? Medium-sized and large organizations (50+ employees or a turnover of more than €10 million) in multiple sectors such as energy, transport, healthcare, digital infrastructure, drinking water, etc.
Discover how your organization plays a crucial role in strengthening the EU's digital resilience. In this whitepaper we discuss the impact of cybercrime.
Are you prepared for the latest European cybersecurity legislation? This whitepaper provides a clear overview of NIS2, RED-DA, and CRA compliance.
Key elements of the directive
Scope & entities
A distinction is made between essential entities (high supervision) and important entities (less direct supervision, but still subject to obligations) within the scope of NIS2.
In addition, there is increasing focus on the supply chain: you are not only responsible for your own security, but also that of your partners and suppliers.
Obligations
Organizations must, among other things:
- Perform a risk analysis.
- Take technical, operational, and organizational measures.
- Report incidents: an initial report within 24 hours, a detailed report within 72 hours, and a final report at a later stage.
Failure to comply may result in significant fines (e.g., €10 million or 2% of global turnover for essential entities).
Connection to other standards
ISO 27001 and NIS2
The ISO 27001 standard provides a foundation for information security and helps organizations comply with parts of NIS2. In some cases, only parts of ISO 27001 are required in combination with additional documentation to comply with NIS2. Read more about ISO 27001 and NIS2 here.
IEC 62443 and NIS2
What can DEKRA do for you?
DEKRA offers a comprehensive range of cybersecurity services, including assessments, audits, and certifications. With regard to the NIS2 directive, consider ISO 27001, IEC 62443, and NIST Cybersecurity Framework (CSF). NIST CSF is a set of voluntary cyber guidelines for which you do not receive certification. All of these services are directly or indirectly designed to help organizations identify vulnerabilities, implement effective security measures, and ensure compliance with the NIS2 scope.
Get in touch with us easily
Compliance with the NIS2 directive is a complex and ongoing process that requires your organization to evaluate and improve its security measures. By working with DEKRA, you can increase your digital resilience and be better prepared for the challenges posed by applicable laws and regulations.
Would you like to learn more about how DEKRA can support your organization in the field of cybersecurity? Simply contact us using the form below.