The NIS2 Directive stands as a cornerstone of the European Union’s commitment to establishing a robust and uniform level of cybersecurity among its Member States. The directive introduces a set of new cybersecurity requirements that will have a significant impact on organizations falling within its scope.
Because the translation of these requirements into national legislation is still in progress, some uncertainty remains regarding the specifics of compliance. However, for organizations affected by the NIS2 Directive, the time to act is now. Initiating preparations and taking the first steps is not only prudent but also essential to navigate this evolving landscape effectively.
The directive entered into force in January 2023 and obliges Member States to translate the directive into national law by October 2024.
Enhanced Oversight with Necessary Measures: Regulatory authorities are tightening their supervision, ensuring that organizations comply with cybersecurity regulations effectively. This includes monitoring the implementation of essential security measures.
Heightened Sanctions: Penalties for non-compliance are becoming more severe, with stricter measures and higher fines in place. Organizations found lacking in cybersecurity safeguards may face significant financial consequences.
For essential sectors, fines can reach up to €10 million or 2% of the annual turnover, while important sectors may face fines of up to €7 million or 1.4% of the annual turnover.
We can help you by using our expertise to draw up a concrete action plan with effective measures. Our approach will include: