The NIS-2 Directive is EU-wide cybersecurity legislation that has been in force since 2023. In Germany it will be implemented into national law by October 17, 2024 (NIS-2 Implementation and Cybersecurity Strengthening Act). It defines mandatory security measures and reporting obligations for many companies and organizations. Those affected must demonstrate compliance with these requirements through appropriate cybersecurity measures. Management is personally responsible and liable for violations.
What does NIS mean?
NIS stands for “Network and Information Security”.
The NIS 2 Directive affects public and private entities in 18 sectors with at least 50 employees or an annual turnover of at least EUR 10 million. Some, such as parts of the digital infrastructure and public administration or KRITIS, are affected regardless of their size.
Even if you do not fall directly under the NIS2 Implementation Act, affected business partners or customers may have to request evidence from you as a supplier as part of the required supplier management.
According to NIS2, you must take at least the following cybersecurity measures to manage the security risks of your information systems and prevent or minimize the consequences of security incidents. This requires the protection of IT systems as well as their physical environment.
Management is responsible for monitoring the implementation of measures and is liable for any violations. In addition, it is obliged to take part in training and to ensure that training is also offered to employees.
Early warning within 24 hours of knowledge:
An early warning is required within 24 hours of the incident becoming known. This includes assessing whether the incident was the result of an illegal or malicious act and whether it has cross-border effects.
Detailed report within 72 hours of knowledge:
A detailed report must be submitted within 72 hours of becoming aware of the incident. This report includes an initial assessment of the security incident, including its severity, impact and, if applicable, indicators of compromise.
Progress/final report one month after notification:
A progress or final report must be submitted one month after the incident is reported. This report contains a detailed description of the incident, information on the nature of the threat, its causes, the remedial measures taken and, if applicable, the cross-border impact.
If NIS-2 applies to you, you must register with the national authority.
Our focus is to be at your side as experts and to provide you with comprehensive support on your way to NIS2 compliance. With our managed service, you receive a comprehensive, worry-free package and are on the safe side.
with individual adaptation to your needs
Price on request
Is my company assigned to one of the affected sectors? Are my customers significant or critical entities affected by the provisions of the NIS 2 Directive?
We check which measures are still missing in your company. Which measures are suitable or appropriate?
We implement the identified measures.
We regularly check and evaluate your measures and adjust them if necessary.
We would be happy to advise you personally on the NIS 2 directive and create an individual offer that suits your requirements.
Stefan Milde
Key Account Manager
Manfred Schuster
Consultant
Find out everything you need to know about the NIS 2 directive and how we support companies in implementing it.
We look forward to your inquiry! Simply leave us a message and we will contact you immediately.