NIS-2 Directive

Network and Information Security Directive

EU legislation: Cybersecurity

Getting ready for the NIS-2 Directive

Knowledge

NIS-2 Directive

Everything important at a glance!

What costs are involved?

Important facilities

Violations of the requirements can result in substantial fines of up to 7 million euros or 1.4% of the respective company's global annual turnover. The management bears full responsibility for legally compliant implementation and remains personally liable - there are no exceptions. The legal requirements particularly affect medium-sized companies with 50 or more employees or with a balance sheet total of more than 10 million euros.

Particularly important facilities

For companies that are considered operators of critical infrastructure, or that have more than 250 employees or a balance sheet total of more than 43 million euros, strict requirements and significant consequences apply in the event of breaches: fines of up to 10 million euros or 2% of global annual turnover may be imposed. Responsibility for compliance with the requirements lies explicitly with the management - complete delegation is not possible, meaning that managers can be held personally liable.

Am I affected?

These companies urgently need to prepare

What does this mean for your company?

In future, the NIS-2 Directive will cover not only traditional operators of critical infrastructure, but also companies that play a key role in society, the economy or the supply chains of critical players. The extension to numerous small and medium-sized enterprises (SMEs) is particularly relevant here: the requirements of the directive apply from 50 employees or an annual turnover of at least 10 million euros - or a balance sheet total of more than 10 million euros.

Affected organizations must introduce and continuously update comprehensive IT security measures. These include, in particular, risk analyses, emergency and response plans, security guidelines for IT systems, supply chain security measures and regular awareness training. In addition, there is a strictly regulated reporting obligation: companies must first report a significant security incident ("significant incident" in accordance with Art. 23 of the NIS-2 Directive) as an early warning within 24 hours of becoming aware of it. A more detailed report with an initial assessment of the incident, its impact and the measures taken follows within 72 hours of becoming aware of it. A final report must be submitted within one month at the latest; it includes a root cause analysis, technical details, an impact assessment and the response measures taken. In addition, there is a binding obligation to register with the BSI, with which all affected institutions must comply.

With the implementation of the NIS-2 Directive, the requirements for companies are increasing significantly. A passive or negligent approach to cyber security can be costly in the future. Breaches of key obligations - in particular the risk management measures under Art. 21 and the reporting obligations under Art. 23 - can be punished with significant penalties: fines of up to 10 million euros or 2 percent of global annual turnover for particularly important facilities, and up to 7 million euros or 1.4 percent of turnover for important facilities. In addition, the company management remains personally responsible - complete delegation is not possible.

Coaching

Which sectors are affected?

Critical sectors at a glance

Three-stage reporting system

If a security incident does occur

Within 24 hours

An initial report (early warning) must be made to the responsible authorities, stating whether the security incident is possibly due to illegal or malicious acts.

Within 72 hours

The follow-up report must be submitted within 72 hours. It includes an assessment of the incident in terms of severity and impact and, if possible, information on the Indicators of Compromise (IoCs). Without specialized security expertise, it is almost impossible to complete the report on time.

After one month

A final report is due, which must contain at least a detailed description of the security incident, its severity and impact, as well as information on the nature of the threat and the remedial measures taken.

How to comply with the NIS-2 Directive with RIEDEL Networks

Choose [R.E.D.] to Protect!

With our IT security solution [R.E.D.], we support you in setting up and managing your IT infrastructure in compliance with the law. In [R.E.D.], advanced technologies and systems are brought together and applied in such a way that you can guarantee comprehensive protection for your company network.

A decisive advantage for you is that with the [R.E.D.] service you hand over responsibility for continuous 24/7 monitoring to us. This allows you to concentrate fully on your core business while we take care of all security-related aspects for you. In the event of a security incident, we will inform you immediately and offer you comprehensive support in decision-making from our technical experts. To ensure that you do not lose track of your IT infrastructure, we prepare regular reports on your company's security situation.

It is important to realize that investing in an IT security solution not only serves to comply with legal regulations, but also represents a considerable advantage for your company. In the event of an attack, your valuable company data is at stake, and timely preventive measures can save you considerable damage and costs.

Contact us and we will find a customized [R.E.D.] solution for you.

Spotlight: IT security

Your guide to current and future cyber threats

IT security is essential, but how do you get started effectively as a company? Our white paper provides you with comprehensive knowledge about current cyber threats and shows practical strategies for defense. Find out how you can protect your company from the ever-increasing risks, whether you are in the IT industry or not. Use this white paper to strengthen your security strategy and make informed IT security decisions.