What is NIS2? 

The Network and Information Systems Directive 2 (NIS2) is a regulation aimed at strengthening the cybersecurity framework within the European Union. This directive builds upon the original NIS Directive, which was the first piece of EU-wide legislation on cybersecurity. NIS2 expands the scope and requirements to enhance cyber resilience across member states, particularly for critical infrastructure entities and essential service providers. 

NIS2 came into force in January 2023, giving Member States until October 2024 to transpose it into national laws that must meet the objectives of the updated directive. This proved ambitious for many: in late 2024, the European Commission opened infringement procedures against 23 Member States. 

The NIS2 directive mandates that organizations in sectors such as energy, transport, banking, health, and digital infrastructure implement robust security measures to mitigate risks and manage incidents effectively. It introduces stricter reporting obligations, ensuring that incidents are promptly communicated to relevant authorities to facilitate a coordinated response. 

 Key requirements of NIS2 include: 

  • Implementation of risk management measures 
  • Incident reporting within 24 hours 
  • Regular audits and monitoring 
  • Appointment of a dedicated security officer 
  • Establishment of security incident response teams 

Moreover, NIS2 emphasizes the importance of collaboration and information sharing among EU countries to manage evolving cyber threats. It requires member states to establish competent authorities and Computer Security Incident Response Teams (CSIRTs) to oversee and support the implementation of the directive. 

Cybersecurity regulations are constantly changing and becoming more complex and demanding. Recognizing what this means for you and your organization can be challenging. We take a practical approach to keeping you compliant and share our regulatory knowledge and industry insights, so you stay ahead of developments in your geography.

NIS2: From risk to opportunity

How can industrial companies providing or supplying essential services in Europe get ready to comply with national laws based on the NIS2 cybersecurity framework? DNV Cyber's guide to NIS2 explores what the legislation means for industrial companies in Europe and provides a three-step approach to compliance.

DNV Cyber helps you to understand and practically manage the requirements for effective NIS2 compliance and its reporting systems. Continuous and automated compliance monitoring requires more than static documentation. We support continuous improvement of your cybersecurity posture while you remain compliant and operate efficiently.

Achieving compliance with NIS2 is not a one-time goal. Continuous and automated compliance monitoring is necessary to maintain alignment with NIS2's requirements while ensuring operational efficiency. This approach requires routine assessments, regular updates to security measures, and ongoing efforts to strengthen cybersecurity resilience. DNV Cyber emphasizes the importance of continuous improvement, supporting organizations in their efforts to not only meet compliance standards but also enhance their overall cybersecurity maturity over time. 

 

DNV Cyber provides practical expert guidance on implementing robust security measures tailored to the needs of the specific country and industry sector, such as digital infrastructure, energy, transport, manufacturing and health.

Our support for implementing robust security measures for NIS2 readiness and compliance includes:

  • Cybersecurity risk assessments 
  • Development of training programs
  • Identity and access management 
  • Development of incident response plans 
  • Continuous monitoring of cybersecurity threats 
  • Support for continuous and automated compliance monitoring 

Multinational oil and gas company achieves OT cybersecurity beyond compliance

An EU NIS Directive success journey

IoT and Product Security

Secure your IoT innovations to ensure a competitive edge. DNV Cyber provides a range of IoT & Product Security services to strengthen and keep your economic engine running smoothly by helping you build secure, compliant, and resilient products and software. 

Companies should stay ahead of regulation, which is the best tool available to strengthen collective cyber resilience and to protect and enable businesses. Compliance should not be seen as an end goal, but as a baseline and steppingstone towards greater cybersecurity maturity.

  • Gennady Kreukniet
  • Team Leader Advisory, the Netherlands
  • DNV Cyber