How will the NIS2 directive revolutionize cybersecurity for SMEs and local authorities?
How will the NIS2 directive revolutionize cybersecurity for SMEs and local authorities?
Adopted by the European Parliament, the NIS 2 Directive (Network and Information Systems Directive) is a crucial development that promises to radically transform the cybersecurity landscape.
Its publication in the Official Journal of the European Union marks the start of a new era in network and information systems protection.
But what is at stake?
And what impact will it have on SMEs and local authorities?
Let’s find out together.
NIS 2 Directive: a response to today's cybersecurity challenges
Cyber threats have become commonplace in today’s digital world.
Sophisticated attacks such as ransomware, phishing and attacks on service providers have become realities that all businesses have to face.
With the adoption of the NIS 2 Directive, the European Union is seeking to strengthen the resilience of its members in the face of these growing threats.
The NIS 1 directive, adopted in 2016, laid the foundations for critical infrastructure protection.
However, it did not take sufficient account of subcontractors and local authorities, which are also vulnerable to attack.
The NIS 2 Directive aims to close these gaps by broadening its scope and strengthening its security requirements.
What's new in the NIS 2 Directive?
The NIS 2 Directive imposes stricter security requirements on networks and information systems.
It also extends the list of sectors concerned, from 19 to 35, including areas such as waste management, postal services and agri-food.
In addition, it introduces two new categories of company: essential entities (EE) and important entities (EI), based on the criticality of their activities.
How will this affect SMEs and local authorities?
The new regulations will affect a wider range of players, including small and medium-sized businesses and local authorities.
Until now, only large companies were subject to certain cybersecurity obligations.
With the NIS 2 Directive, companies with over 50 employees and sales in excess of €10 million, as well as their subcontractors, will have to comply with the new requirements.
What are the obligations of the companies concerned?
Companies covered by the NIS 2 Directive will have to implement appropriate security measures to protect their networks and information systems.
They will also have to assess cyber risks and cooperate with the competent authorities in the event of a security incident.
In addition, they will be required to notify significant cyber security incidents within strict deadlines, on pain of sanctions.
In conclusion, the NIS 2 Directive represents a major step forward in the protection of the European Union’s critical infrastructures.
It obliges companies of all sizes to strengthen their security posture and adopt a proactive approach to cyber threats.
To support SMEs and local authorities in this transition, specialized partners such as Elit-Cyber offer tailored solutions and services to ensure effective compliance and optimum protection against digital threats.
