Help with NIS2 is on the way!
ESET is a global leader in digital security with its roots in the European Union. For more than 3 decades, we have pioneered industry-leading IT security software and services for businesses and consumers around the world. ESET has since grown into the largest IT security company in the European Union with solutions ranging from endpoint security, XDR and mobile security, to encryption and two-factor authentication.
Eversheds Sutherland is a global law and civil-law notary firm with 74 offices in 35 countries that employs more than 3,000 lawyers. Due to our international character, we are able to provide cross-border advice like no other. In Europe, Eversheds Sutherland has 44 branch offices.
Together with Eversheds Sutherland, ESET will help provide guidance in order to comply with the new NIS2 guideline relevant to your organization.
The NIS2 guideline
NIS2 creates a new scope to strengthen the level of cybersecurity across the EU. This updated version of the first Network and Information Systems Directive entered into force on 16 January 2023, requiring entities operating in critical sectors such as energy, transport, health, digital services and managed security services to implement improved risk management. NIS2 also introduces new reporting rules and fines.
NIS2: A Floor, not a Ceiling
The new NIS2 Directive comes as a response to the growing dependency of critical sectors on digitalization and their higher exposure to cyber threats.
What does NIS2 mean to you?
Compared to its previous version, the new NIS Directive eliminates the distinction between operators of essential services and digital service providers.
The duty of care under NIS2
Under the NIS Directive, a dual duty applies to providers of essential services and digital service providers: a duty to report and a duty of care. In this blog, we will explain the latter.
NIS2: The duty to report
With the advent of the NIS2 Directive, in addition to the duty of care, the duty to report, which already existed under the original NIS Directive, will be fleshed out.
Enforcement, supervision and penalties
NIS2 foresees enforcement mechanisms to ensure effective compliance with the rules, and sanctions in case of a breach of the rules.
Where to begin?
NIS2 establishes 17 October 2024 as the deadline for the entities covered by the directive to comply with the new rules.
If you can answer “yes” to these six questions, you are well on your way! In any case, check our blogs to understand how the NIS2 directive impacts your business.
• Do you have an updated inventory of all your hardware and software?
• Do you do a weekly checkup for new software updates?
• Do you know which risks are linked to the hardware and software used in your organization?
• Are you aware of legislative changes and new laws being discussed?
• Have you mapped out how much risk your organization is taking digitally, and do you make well-considered decisions to determine your readiness to deal with these risks?
• Do you regularly assess whether the measures, procedures and processes necessary to limit and control identified cyber risks are still sufficient to protect your organization?