NIS2 Directive: Are you ready? 150,000 entities must comply
Summary
1. NIS2: What is it?
The NIS2 directive, published at the end of 2022 by the European Union, is the new reference framework for the cybersecurity of critical entities. It replaces the NIS1 directive and imposes a uniform level of security across all Member States.
Objective: strengthen the digital resilience of essential services in the face of increasing cyber threats. Its transposition into French law is expected in October 2024, and will concern more than 150,000 entities in Europe, including nearly 15,000 in France.
NIS2 compliance is not limited to a regulatory obligation. It embodies a cultural change: that of managed, measurable cybersecurity, integrated at the highest strategic level of companies.
2. Who is affected by the NIS2 directive?
The scope of NIS2 is widely extended. It is aimed at two main categories of organizations:
✅ Essential entities (EE)
- Intermediate or large size (>250 employees or >50M€ turnover)
- Highly critical sectors: energy, transport, health, water, digital infrastructure, banking, ICT services, public administration, space...
✅ Significant entities (EI)
- Medium-sized companies (>50 employees or >10M€ turnover)
- Other critical sectors: waste, chemicals, agri-food, construction, digital suppliers, research...
💡 NB: For players in the financial sector, the DORA directive prevails, but NIS2 may apply in addition.
These entities will have to declare themselves to ANSSI (in France) and implement structured cybersecurity management, under penalty of sanctions.
3. What obligations does NIS2 impose?
NIS2 compliance is based on a series of clear technical, organizational and strategic obligations. Article 21 details the minimum measures to be implemented:
- ✅ Risk analysis and cyber governance
- ✅ Crisis management and business continuity plans
- ✅ Securing supply chains
- ✅ Training and cyber culture of teams
- ✅ Encryption policy, strong authentication
- ✅ Regular NIS2 audits
- ✅ Notification of major incidents within 24 hours
- ✅ Evaluation of subcontractors and service providers
The major novelty: company leaders are directly accountable. They must validate the cyber policy, supervise its implementation and train the management bodies. In the event of a breach, fines can reach up to 2% of global turnover, and criminal sanctions are also provided for.
4. What impacts for your organization?
The NIS2 directive disrupts cybersecurity governance:
- Companies are no longer designated, they must self-declare.
- Boards of directors must manage cyber choices (and assume the consequences).
- Suppliers, IT service providers and subcontractors are also affected, through extended risk management.
- Cybersecurity is becoming a strategic investment topic, no longer just a technical topic.
This paradigm shift requires:
- Review your risk analyses, with a complete cybersecurity audit.
- Evaluate your exposure, your vulnerabilities and your action plans.
- Involve your COMEX, in connection with an outsourced CISO or shared CISO if you do not already have an internal cybersecurity function.
5. How does Data Comply One support you towards NIS2 compliance?
At Data Comply One, we have designed an offer dedicated to NIS2 compliance, adapted to SMEs, mid-sized companies, communities and critical operators.
Our support will soon include:
- ✅ NIS2 audit
- ✅ Automated diagnosis of your maturity level
- ✅ Access to an outsourced CISO or shared CISO
- ✅ Implementation of your NIS2 cybersecurity roadmap
- ✅ Dynamic mapping of risks and assets
- ✅ Easy-to-use and secure management tool to monitor NIS2 compliance
- ✅ Raising team awareness and training in e-learning mode
- ✅ Continuous monitoring, with proof of compliance exportable from our platform in the event of an inspection
Our platform and our experts make NIS2 compliance a strategic asset, serving your resilience, your business and your performance.
Conclusion: Bring your organization into NIS2 compliance
Your organization must be ready. NIS2 imposes a robust, governed and measured level of cybersecurity, under the direct responsibility of management.
At Data Comply One, we help you transform this obligation into an opportunity and an asset for your business. With our platform and our experts, you are supported from start to finish with complete peace of mind.