Businesses around Europe are gearing up for the new NIS 2 directive on cybersecurity, which aims to further harmonize security best practices across EU member states. Below are 5 key insights into the latest legislation, how ISO certification can help ensure compliance, and what it means for your business and your digital experiences.
1: Wider scope of application
The NIS 2 directive, which comes into effect on 18 October 2024, marks a major update of the EU's regulatory framework on cybersecurity. It specifies cybersecurity requirements for critical industries and covers more entities compared to the original NIS directive from 2016. Industries such as banking, energy and healthcare are also included under the new rules, meaning that organizations in these fields will need to ensure they have robust information security frameworks and procedures in place to meet these updated standards.
2: Stricter incident reporting obligations and timelines
NIS 2 stipulates that companies must adhere to specific reporting procedures in the event of incidents. Organizations must notify their national authorities of any data breaches or cybersecurity incidents within 24 hours, typically through an online reporting system. A more detailed report must then be submitted within three days.
3: Setting the stage for other regions
It’s estimated that more than 100,000 EU-based companies will need to comply with NIS 2. The directive is likely to set a new international benchmark for best practices in critical infrastructure, prompting non-European companies to follow suit to some extent. As a result, multinational organizations that prioritize NIS 2 compliance at their European branches will be a step ahead when rolling out their cybersecurity policies and frameworks in other regions.
4: Security requirements for the entire supply chain
NIS 2 is not only focused on the security of critical industry-specific organizations, but also requires their entire supply chain to be secure. Companies impacted by NIS 2 must ensure that their suppliers and partners meet adequate cybersecurity standards, making third-party risk management a key priority. This is why verified NIS 2-compliant partnerships are essential.
5: ISO certification ensures instant NIS 2 compliance
Forward-thinking organizations and suppliers are increasingly turning to ISO certification to meet the new NIS 2 requirements. The ISO 27001 standard provides a framework for information security management systems (ISMS). Organizations that comply can opt to request an independent audit to verify that they meet the required security standards for risk assessment, incident management and supply chain security. At Dropsolid, we took early steps to apply for company-wide ISO 27001 certification, giving our partners full peace of mind when building their digital experiences together.
Build better and NIS 2-compliant digital experiences with Dropsolid