NIS-2 directive

New measures for a high level of cybersecurity in the EU

A smiling man looks over a monitor at a seated colleague. The scene is partially obscured by plants in the foreground, suggesting a lively and friendly working atmosphere. Bright and natural colors dominate the room.
A modern office with four people at standing desks working intently on their computers. The office is bright and decorated with abstract wall art and plants as a room divider, creating a creative and lively working atmosphere. People are dressed casually and professionally, indicating a relaxed but productive work environment.
kutzschbach_it_consulting_nis2_guideline_2

NIS-2 directive
at a glance

The NIS-2 Directive is an EU-wide cybersecurity legislation that has been in force since 2023. In Germany it will be implemented into national law by October 17, 2024 (NIS-2 Implementation and Cybersecurity Strengthening Act) and defines mandatory security measures and reporting obligations for many companies and organizations. Those affected must demonstrate compliance with these requirements through appropriate cybersecurity measures. Management is personally responsible and liable for violations.

What does NIS mean? 

NIS policy stands for “Network and Information Security” policy.

Who visites is affected

The NIS 2 directive affects public and private entities in 18 sectors at least 50 employees or one Annual turnover of at least EUR 10 million. Some, such as parts of the digital infrastructure and public administration or KRITIS, are affected regardless of their size.

  • Energy
  • Postal and courier services
  • Drinking water, wastewater
  • Traffic
  • Finance
  • Manufacturing/manufacture of goods
  • Health services
  • Digital infrastructure, digital service providers
  • Production, manufacture and trade of chemical substances
  • Production, processing and distribution of food
  • Research
  • Management of ICT services (B2B)
  • Aerospace
  • Public administration
  • Waste management

Even if you don't come directly from NIS2 Implementation Act, affected business partners or customers may have to request evidence from you as a supplier as part of the required supplier management.

What must you do now

According to NIS2, you must take at least the following cybersecurity measures to manage the security risks of your information systems and prevent or minimize the consequences of security incidents. This requires the protection of IT systems as well as their physical environment.

The management is responsible for monitoring the implementation of measures and is liable for any violations. In addition, she is obliged to take part in training and to ensure that this is also offered to employees.

Early warning within 24 hours of knowledge:
An early warning is required within 24 hours of the incident becoming known. This includes assessing whether the incident was the result of an illegal or malicious act and whether it has cross-border effects.

Detailed report within 72 hours of knowledge:
A detailed report must be submitted within 72 hours of becoming aware of the incident. This report includes an initial assessment of the security incident, including its severity, impact and, if applicable, indicators of compromise.

Progress/final report one month after notification:
A progress or final report must be submitted one month after the incident is reported. This report contains a detailed description of the incident, information on the nature of the threat, its causes, the remedial measures taken and, if applicable, the cross-border impact.

If NIS-2 applies to you, you must register with the national authority.

Our Solution to the NIS 2 guideline

Our focus is on being at your side as experts and providing you with comprehensive support on your way to NIS2 compliance. With our managed service you receive a comprehensive, worry-free package and are on the safe side.

The right solution

with individual adaptation to your needs

Price on request

A concentrated man with tattoos sits in a modern rocking chair, a laptop on his knees, touching his head as if thinking or seeking a solution. He is dressed casually and is in a bright corner of the office next to a large potted plant that creates a calming atmosphere.

We support you

Our Team of experts for the NIS-2 directive

We would be happy to advise you personally on the NIS 2 directive and create an individual offer that suits your requirements.

Portrait of key account Stefan Milde in front of a neutral wall made of white bricks.

Stefan Milde
Key Account Manager

consulting@kutzschbach.de
+49 9081 2503 416

Portrait of consultant Manfred Schuster in front of a neutral wall made of white bricks.

Manfred Schuster
Consultant

consulting@kutzschbach.de
 +49 9081 2503 428

NIS 2 Directive – New regulations for a high level of cybersecurity

Find out everything you need to know about the NIS 2 directive and how we support companies in implementing it.

Request download

Your direct line to us

We look forward to your inquiry! Simply leave us a message and we will contact you immediately.


Request white paper

Remote Maintenance

So that we can help you most easily via remote maintenance, please download it here Teamviewer program Download and contact our support. 

Our support team will then support you directly in setting up the tool.

Teamviewer Download