Blog – The Cloud People

The NIS2 Directive: What is it, Why is it Important, and How to Prepare

Written by The Cloud People | May 23, 2023 12:58:28 PM

This is what you need to know about the new NIS2 directive, how it affects your business and what actions you need to take to get compliant.

The Network and Information Systems (NIS2) Directive is a piece of European Union legislation that aims to enhance cybersecurity and critical infrastructure resilience across the EU. The directive requires both public and private entities in certain sectors to take measures to better manage and secure their network and information systems. The original NIS directive was introduced by the European Union in 2016 and established a baseline for cybersecurity in critical sectors. The new NIS2 directive is an updated and expanded version that also broadens the scope of coverage to digital service providers.

The sectors covered by the NIS2 directive are diverse and include energy, transport, banking, healthcare, water supply, and digital infrastructure. The directive applies to any organization that provides essential services (OES) or digital services (RDSPs) that rely on network and information systems to operate. 


Why is the NIS Directive important?

The NIS2 Directive is critical in strengthening the cybersecurity of the EU's critical infrastructure. Cyber-attacks that cause disruptions in essential services can have devastating consequences, ranging from economic damage to loss of life. By requiring organizations to identify and protect their critical information infrastructure and report serious incidents to competent authorities, the directive seeks to improve the EU's collective resilience to cyber threats.

The distinction between NIS and NIS2

The new NIS2 directive (proposed by the European Commission in December 2020) is, as mentioned, an updated and expanded version of the NIS directive that was introduced in 2016.

While the original NIS directive affected 7 sectors (such as energy, health, finance and water supply), the updated NIS2 directive added 8 more sectors for a total of 15 sectors, including the digital providers sector and the digital infrastructure sector (which includes online marketplaces, cloud computing services, search engines, 1335 European data centers and more).

The new NIS2 directive also enhances incident reporting obligations and promotes greater collaboration among EU member states in tackling cybersecurity challenges. For instance, under the initial NIS directive, the incident reporting requirements varied between member states, while NIS2 established harmonized criteria and timeframes. And while the original NIS directive encouraged cooperation on cross-border incidents, that cooperation is now more formalized, and penalties for non-compliance are now stricter and more consistent.

How to prepare for the NIS2 Directive?

Organizations covered by the NIS directive must comply with the requirements set out in the legislation. Some of the key measures to prepare for the directive include:

  1. Conducting a risk assessment to identify critical network and information systems and protecting them adequately.
  2. Implementing robust cybersecurity measures, such as access control, firewalls, and encryption, to secure networks and information systems.
  3. Designating responsible individuals to ensure compliance with the NIS directive and reporting any significant security incidents to the relevant authorities.
  4. Regularly testing and evaluating the effectiveness of cybersecurity measures and updating them as necessary.

In conclusion, the NIS2 Directive is a crucial piece of legislation that aims to enhance the cybersecurity of essential and important services and digital infrastructure in the European Union. Organizations that fall under its scope must take proactive measures to comply with the directive's requirements, protect their critical infrastructure, and strengthen the EU's collective cybersecurity.

ServiceNow can help you prepare for the NIS directive

Many enterprises rely on the Now platform from ServiceNow to – among other things – improve security and enforce compliance. Several tools in the platform can also be used to ensure compliance with the NIS directive.

We have collected our best practices on how you can leverage your ServiceNow investment to become NIS compliant in a whitepaper. And even if your organization isn’t affected by the directive, taking measures to improve your cybersecurity is still important.