The NIS2 Directive, which comes into effect on October 18, 2024, represents a significant change in cybersecurity regulations in Europe. Its goal is to strengthen the protection of companies operating in essential sectors and critical services. If your company has more than 50 employees or a turnover exceeding 10 million euros, this regulation may apply to your business, with strict requirements for risk management and incident reporting.
What is the NIS2 Directive?
The NIS2 Directive is an update to the original 2016 NIS Directive, expanding its scope to more sectors and establishing stricter security requirements. Its purpose is to ensure greater resilience against cyberattacks, protecting essential infrastructures such as:
- Financial and banking services
- Digital infrastructure and telecommunications
- Energy, water, and transport
- Healthcare and pharmaceuticals
- Public administration and government services
If your company belongs to any of these sectors or provides key services for their operation, you will need to comply with the requirements of the NIS2 Directive, regardless of its size.
Key Requirements of the NIS2 Directive for SMEs and Large Companies
1. Risk Management
Affected companies must implement robust cybersecurity measures, ensuring the protection of their systems and supply chain security. This includes:
- Implementation of access controls and perimeter security
- Protection of sensitive data and regular backups
- Continuous monitoring and threat detection
- Implementation of incident response protocols
2. Incident Reporting
In the event of a significant cyberattack, companies will be required to report it within a maximum of 24 hours to the relevant authorities. Additionally, they must submit a full report within 72 hours, including:
- Impact of the incident
- Measures taken to mitigate the damage
- Prevention strategies for future attacks
3. Executive Responsibility
Executives of companies must ensure compliance with these measures. This includes:
- Cybersecurity training for top management
- Active supervision of security strategies
- Allocation of sufficient resources for IT security
Penalties for Non-Compliance
Failure to comply with the NIS2 Directive may result in fines of up to 10 million euros or 2% of the company’s global annual turnover. These penalties aim to ensure that all organizations take cybersecurity seriously and implement the necessary measures.
At Inmove IT Solutions, we help you prepare your company with an effective cybersecurity strategy. Contact us today to ensure compliance before the regulation takes effect.
