NIS2 DIRECTIVE REGULATORY COMPLIANCE

What is the NIS2 Directive?

The NIS2 Directive (Network and Information Security 2) is a European Union directive adopted to strengthen and harmonise cybersecurity for networks and information systems within the EU. It replaces the NIS Directive (dating from 2016) in order to take into account the rapid evolution of cyber threats.

The NIS2 Directive therefore pursues the following objectives:

  • Harmonise cybersecurity requirements at European level.

  • Strengthen risk management, incident reporting and executive accountability.

  • Cover a wider range of sectors and companies that are critical (or important) to society and the economy.

Who is affected by this NIS2 Directive?

This directive applies to public or private organisations that:

  • Operate in critical sectors (energy, health, transport, digital infrastructure, banking, etc.).

and/or

  • Exceed defined size thresholds or provide essential services.

While only a few hundred organisations were affected by the NIS1 Directive, several thousand entities will now have to comply with the requirements of this new NIS2 Directive.

What are the obligations of companies affected by the NIS2 Directive?

  • Establish cybersecurity governance, including internal management and responsible parties.

  • Conduct a risk analysis and implement appropriate technical and organisational measures.

  • Promptly report significant security incidents.

  • Prepare business continuity, crisis management and supply chain security plans.

  • Conduct regular IT security audits and compliance checks, document security processes, and train staff.

In the event of non-compliance with the NIS2 Directive, organisations may face financial penalties.

In France, this directive is currently being transposed via a draft law, with ANSSI overseeing its implementation. Full operational compliance is expected by 2027.

Why is compliance with NIS2 important?

Compliance with the NIS2 Directive by the organisations concerned is essential for several reasons:

  • To ensure the continuity of essential activities and services (banks, infrastructure, transport, health services, etc.) in the event of cyber attacks.

  • To implement security measures adapted to current cyber threats and to keep them evolving as quickly as those threats do.

  • To ensure the trust of European citizens who use these essential services on a daily basis.

  • To ensure the security of European citizens' personal data (health data, banking data, etc.) in accordance with the GDPR.

CyberSecura supports you in achieving compliance with the NIS2 Directive

As part of the operational implementation of the NIS2 Directive, CyberSecura supports you from start to finish, from conducting your compliance audits to implementing your compliance measures, including drafting all your IT security documentation and training your teams.

All our services to help you achieve compliance with the NIS2 Directive are carried out by Saghar Estehghari, co-founder, CTO and expert consultant in cybersecurity.

Do you have any questions? Would you like to discuss your compliance with the NIS2 Directive? Book your free call and talk to our expert IT security consultants!