How to comply with NIS2?

Follow these steps to comply with the EU cybersecurity directive confidently.

> Your Challenges > How to comply with NIS2?

Understanding NIS2 Compliance

Many CISO's and Boardroom members come to us with questions about how to comply with cybersecurity laws and regulations like NIS2. This is the Network and Information Systems Directive adopted by the EU.

NIS2 requires essential and important companies and organizations in the EU to demonstrate a thorough, risk-based implementation of cybersecurity measures. However, the specifics of how to do this can vary considerably from sector to sector.

How can organizations interpret these regulations in practical terms? At Secura, we're committed to helping your organization comply with applicable law.

About the deadline

The NIS2 Directive, adopted in December 2022, raises the bar for cybersecurity across the European Union. This important legislation strengthens protections for network and information systems, but it's not yet directly enforceable as national law.

EU member states are currently working to transpose NIS2 into their own legal frameworks. While the deadline for this is October 17, 2024, some countries will not meet this deadline. It's important to stay informed about the status of NIS2 transposition in your specific country to ensure a smooth transition for your organization.

Not sure if NIS2 applies to you? Start here

Are you wondering if NIS2 applies to your company or organization? Start with our free NIS2 Self Assessment to find out. It will only take 1-5 minutes of your time.

Take the free NIS2 Self Assessment (1-5 mins)

The NIS2 Self Assessment is a tool designed to help companies and organizations determine their compliance requirements under the NIS2 Directive. By answering a series of targeted questions, you can identify which of the four possible outcomes applies to you.

Four possible outcomes of the NIS2 Self Assessment:

  • Considered Essential - indicating the highest level of compliance necessity
  • Considered Important - indicating a high level of compliance necessity, but less strict than for essential organizations.
  • Not sure - needs an expert view - indicating further professional evaluation is required. This is for example the case when the requirement differs per country.
  • Not NIS2 - indicating the organization is not subject to NIS2 regulations (yet). This can change when your organization grows or when you become a supplier to a company that has to comply.

Next steps if "Essential" or "Important"

If your company or organization is considered Essential or Important under NIS2, we advice you to first train your employees, both at the boardroom level and other levels. With the NIS2 Boardroom Training and SAFE Awareness Program, we can help you meet these requirements at all levels.

Next, to determine what steps you need to take to meet the requirements of the NIS2, it is important to have a good idea of what the security maturity levels of different parts of your organization currently are. The NIS2 Gap Assessment measures where you are and where you need to go. With this insight you know which steps you need to take to comply with NIS2.

After determining where you stand and which steps are needed to meet the requirements of NIS2, it is time to implement measures. For example, CISO support or Incident Response services. Our broad range of services can support you both in the implementation and in the interpretation of measures.

After completing these steps, you will be NIS2 compliant and your organization will be more secure in the face of cyber threats. Does this sound complicated? Then consider the CyberCare program, with which we support you throughout the process.

Next steps if "Essential" or "Important"

01

Verify if NIS2 applies to your organization

NIS2 applies to important and essential entities. Whether a company is so classified depends on the size and sector in which the company operates. We offer a free NIS2 Self Assessment here.

02

Train your board and staff

Training your employees, both at the boardroom level and other levels, is an essential part of NIS2. With the NIS2 Boardroom Training and SAFE Awareness Program, we can help you meet these requirements at all levels.

03

Map where your organization currently stands

To determine what steps you need to take to meet the requirements of the NIS2, it is important to have a good idea of what the security maturity levels of different parts of your organization currently are. The NIS2 Gap Assessment measures where you are and where you need to go. With this insight you know which steps you need to take to comply with NIS2.

04

Implement improvements

After determining where you stand and which steps are needed to meet the requirements of NIS2, it is time to implement measures. For example, CISO support or Incident Response services. Our broad range of services can support you both in the implementation and in the interpretation of measures.

05

NIS2 compliance

After completing these steps, you will be NIS2 compliant and your organization will be more secure in the face of cyber threats. Does this sound complicated? Then consider the CyberCare program, with which we support you throughout the process.

How we support you

Secura offers a all services to help you become NIS2 compliant. Please visit our NIS2 Services page for a comprehensive overview of our services to help you become NIS2 compliant.

VISIT our NIS2 Services Page

GET READY FOR NIS2

The European Directive for Network and Information Systems comes into effect on October 17, 2024, or later, depending on your local government. Don't wait any longer and start taking action today.

00

days
:

00

hrs
:

00

min
:

00

sec

DOWNLOAD YOUR ULTIMATE NIS2 GUIDE

Discover your best next steps for NIS2. Please enter your name, email and company to download your NIS2 Guide immediately:

CONTACT USABOUT NIS2

Would you like to learn more about NIS2 for your company or organization? Please fill out the form below and we will contact you within one business day.

USP

Related Services

NIS2 Boardroom Training

Boardroom NIS2 puzzle

Prepare your boardroom for NIS2 compliance with our comprehensive Boardroom Training. Learn to identify and address cyber risks, meet NIS2 requirements, and safeguard your organization's digital infrastructure. Secure your spot now.

Overview NIS2 Services

Secura NIS2 Services

Discover all our services related to NIS2.

Why choose Secura | Bureau Veritas

At Secura/Bureau Veritas, we are dedicated to being your trusted partner in cybersecurity. We go beyond quick fixes and isolated services. Our integrated approach makes sure that every aspect of your company or organization is cyber resilient, from your technology to your processes and your people.

Secura is the cybersecurity division of Bureau Veritas, specialized in testing, inspection and certification. Bureau Veritas was founded in 1828, has over 80.000 employees and is active in 140 countries.