NIS2 Directive: helping to improve cybersecurity
Cybersecurity is one of the main concerns for all agents involved in the business world: SMEs, the self-employed, consumers and administrations, among others.
Now, European Union is imposing the NIS2 Directive with the aim of regulating it and creating more secure digital environments. In this article, we tell you what it consists of.
Cybersecurity, a key aspect of technological development
Digital transformation is clearly benefiting business activity in all sectors. Digitalisation offers many opportunities for contacting customers, selling products and services, promoting brands, managing business processes and even selling over the internet.
However, it also creates exposure for businesses and consumers, opening a door through which cybercriminals can access and steal confidential, private or sensitive data. This, in addition to the moral damage to individuals, poses a serious danger to the development of society and the economy, making digital security one of the major objectives of all administrations.
After the COVID-19 crisis, which gave a definitive boost to an already digitised society, European Union took the decision to reinforce security in the technological field, as it is expected that by 2025 more than 41 million devices will be connected.
One of the measures it has taken is the NIS2 Directive. Do you want to know what it is all about? Read on!
NIS2 Directive, a common cybersecurity measure
In August 2017, the NIS Directive came into force, a piece of legislation that, in the face of technological advances and new threats of cybersecurity-related incidents in European Union, created a common framework for action for all Member States.
Three years later, in 2020 and with the new advances in the digital environment, the highest European body updated this regulation with the aim of improving the measures to guarantee an adequate and common level of cybersecurity throughout the region. In this way, the NIS2 Directive was born.
This law came into force in December 2022 and has the following main objectives:
-
Reduce the risk of cyber-attacks in critical sectors.
-
Increase the European Union's capacity to prevent and solve cyber-attacks.
-
Improve protection for European businesses and citizens.
In addition, the NIS2 Directive requires companies involved in certain strategic sectors to comply with a number of cybersecurity obligations set out in this regulation. For example, they must:
-
Implement the necessary organisational and security measures.
-
Have the essential technical tools to carry out these practices.
-
Train their employees in cybersecurity areas.
-
Notify the competent authorities in the event of a cyber-attack.
Failure to comply with these regulations will result in a series of penalties:
-
A maximum of 10 million euros or 2% of the annual turnover of companies considered to be in essential sectors.
-
A maximum of €7 million or 1.4% of annual turnover for companies considered to be in important sectors.
NIS2 Directive creates a common framework for cybersecurity action in European Union.
This change may pose a challenge for companies, which will have to adapt their cybersecurity measures to a common framework regulated by national authorities and approved by European Union. But it is also an opportunity to gain a number of benefits, such as increased security for their businesses and customers.
Sectors covered by the NIS2 Directive
As mentioned above, NIS2 Directive applies to certain sectors that are considered strategic and whose protection is essential for the development of society and individuals.
These sectors are divided into 2 categories:
-
Highly critical sectors such as energy, transport, financial markets, healthcare, drinking and waste water, mail and parcel delivery, waste management, chemical manufacturing, hazardous installations and information and communication technologies.
-
Other sectors such as cloud service providers, online platforms, online search engines, social media and postal services.
If you have doubts about whether your business is affected by NIS2 Directive, you can check the information on its official website.
Small and medium-sized enterprises are also subject to NIS2 Directive regulations, although in these cases, less stringent requirements will apply than for larger businesses. The aim of these regulations is to protect people and infrastructures in European Union, regardless of their size or their overall impact on the economy.
If you want to keep up to date with the most relevant news on digital transformation for SMEs and freelancers, don't miss our news section where, among other topics, Acelera pyme publishes news related to cybersecurity.