NIS-2 Directive
IT security requirements
The NIS 2 Directive is the European legal framework for operators of critical infrastructure (KRITIS) and sets minimum standards for cybersecurity within the EU. On this page, you will find everything you need to know about NIS 2.
The EU Directive NIS-2 ("The Networkand Information SecurityDirective") aims to strengthen the resilience of critical infrastructures (KRITIS) to cyber threats and increase the level of cyber security within the EU.
NIS-2 imposes new obligations and extensive security measures on many companies and organisations, primarily affecting critical infrastructures and digital services in the EU, which must meet a series of minimum requirements in order to secure their own systems and networks against cyber attacks.
Contents of the white paper:
NIS-2 applies to companies with 50 or more employees and a turnover of 10 million euros in 18 defined sectors. The two criteria of company size and company sector are therefore decisive in determining whether a company is affected by the directive. There are also some special cases.
According to the NIS 2 Directive, affected companies must implement at least the following measures to increase their resilience to attacks and prevent security incidents as far as possible or minimise their impact.
The NIS 2 Directive entails stricter penalties and sanctions. These are based on the EU General Data Protection Regulation (EU GDPR).
Management must monitor compliance with IT security measures. If obligations are breached, there is a risk of internal liability of the management towards the organisation.
Government inspections are also planned to check compliance.
Significant security incidents must be reported to the Federal Office for Information Security (BSI). The following deadlines apply:
The implementation of the new NIS 2 Directive offers KRITIS operators and the public sector the opportunity to position themselves robustly in terms of IT security. TÜV NORD GROUP accompanies them on this path. Across Europe!
Axel Lange
Head of Marketing & Sales at TÜVIT