What is NIS2? 

The Network and Information Systems Directive 2 (NIS2) is a regulation aimed at strengthening the cybersecurity framework within the European Union. This directive builds upon the original NIS Directive, which was the first piece of EU-wide legislation on cybersecurity. NIS2 expands the scope and requirements to enhance cyber resilience across member states, particularly for critical infrastructure entities and essential service providers. 

NIS2 came into force in January 2023, giving Member States until October 2024 to transpose it into national laws that must meet the objectives of the updated directive. This proved ambitious for many: in late 2024, the European Commission opened infringement procedures against 23 Member States. 

The NIS2 directive mandates that organizations in sectors such as energy, transport, banking, health, and digital infrastructure implement robust security measures to mitigate risks and manage incidents effectively. It introduces stricter reporting obligations, ensuring that incidents are promptly communicated to relevant authorities to facilitate a coordinated response. 

 Key requirements of NIS2 include: 

• Implementation of risk management measures 
• Incident reporting within 24 hours 
• Regular audits and monitoring 
• Appointment of a dedicated security officer 
• Establishment of security incident response teams 

Moreover, NIS2 emphasizes the importance of collaboration and information sharing among EU countries to manage evolving cyber threats. It requires member states to establish competent authorities and Computer Security Incident Response Teams (CSIRTs) to oversee and support the implementation of the directive. 

Cybersecurity regulations are constantly changing and getting more complex and demanding. Recognizing what this means for you and your organization can be challenging. We take a practical approach to keeping you compliant, share our regulatory knowledge and industry insights, so you stay ahead of developments in your geography. 

Achieving compliance with NIS2 is not a one-time goal. Continuous and automated compliance monitoring is necessary to maintain alignment with NIS2's requirements while ensuring operational efficiency. This approach requires routine assessments, regular updates to security measures, and ongoing efforts to strengthen cybersecurity resilience. DNV Cyber emphasizes the importance of continuous improvement, supporting organizations in their efforts to not only meet compliance standards but also enhance their overall cybersecurity maturity over time. 

DNV Cyber provides practical expert guidance on implementing robust security measures tailored to the specific needs of the country and specific industry sectors like digital infrastructure, energy, transport, manufacturing and health.   

Our support to implementing robust security measures for NIS2 readiness and compliance includes: 

• Cybersecurity risk assessments 
• Training programs development 
• Identity and access management 
• Development of incident response plans 
• Continuous monitoring of cybersecurity threats 
• Support for continuous and automated compliance monitoring