NIS stands for Network and Information Systems. In 2013, the EU made the first proposal to strengthen cyber defence in Europe in the form of the NIS Directive.
Each Member State interpreted and adopted the NIS Directive in a slightly different way in 2016. The EU recognised the need for greater uniformity of requirements so that entities can meet the increasing demands for improved cyber security. This led to the development of the NIS-2 Directive, which sets the baseline for digital risk management measures and reporting obligations in the European Union. It aims to improve information security for citizens and businesses in the European Union.
NIS-2 was introduced in Member States in 2024. It covers a wide range of sectors and imposes higher requirements on both companies and their suppliers. Tougher sanctions have been introduced – both for your organisation and for those responsible.
Need-to-know about NIS-2
The EU NIS-2 Directive establishes key legislative frameworks at European Union level to ensure information security and operational resilience to digital risks. In practice, this means introducing new or additional cyber defence systems and processes, as well as reporting obligations, for certain companies and organisations. But what do these “additional systems and processes” actually mean in practice, and what do companies really need to do? Watch our recorded lecture, which showcases successful examples of solutions from practice that can also serve as a model for you to achieve not only compliance but also effective cyber risk management.