IT security by IT-HAUS
Mastering the NIS2 directive - Increase your IT security & minimize compliance risks
Customized IT security solutions & expert knowledge for your NIS2 compliance
Act to strengthen cyber security
What is the NIS2UmsuCG?
The Network and Information Security Directive 2 (NIS2 Directive) was adopted at the end of 2022 in response to the increased threat situation with regard to cyber attacks and the associated increase in (also technical) requirements for the defense against such incidents.
In Germany, this will be done through the NIS2 Implementation and Cyber Security Strengthening Act (NIS2UmsuCG).
This directive defines EU-wide basic requirements for cyber security and obliges affected organizations to control the risks of their information systems.
Facilities affected
Who is affected?
The NIS2 Directive extends the scope of application far beyond the previous definition of "critical infrastructures" within the meaning of the KRITIS legislation. The facilities concerned are defined on the basis of two key criteria: Company size and company sector.
1st criterion: Company size
Company with...
... at least 50 employees or
... an annual turnover / annual balance sheet of more than 10 million euros
can be regulated by NIS2 if they also fulfill criterion 2.
 |
Important:Irrespective of the size of the company, certain operators, particularly in the digital infrastructure and public administration sectors, are also to be regulated. |
Criterion 2: Business sector
A distinction is made between "particularly important entities" and "important entities". This distinction largely determines the degree of government monitoring and the intensity of sanctions in the event of breaches of the rules.
The "Particularly important facilities" include operators from nine sectors as well as special cases and the "Important facilities" include eight sectors and medium-sized operators from all sectors.
Affected organizations belong to the following of the 17 sectors:
Cybersecurity & risk management
The core requirements of the NIS2 directive
NIS2 defines basic requirements for cyber security. The institutions concerned are obliged to control the risks that affect their information systems. In addition to various technical measures (including regular vulnerability scans/pentests, backups, attack detection, multi-factor authentication), this also includes organizational measures (including risk management, IT emergency manual, regular training for all employees on the topic of cyber security) and incident management.
As the responsible supervisory authority, the Federal Office for Information Security (BSI) will monitor compliance with the requirements. The BSI will also have the authority to oblige companies to inform affected customers, the public or data protection authorities in the event of significant security incidents.
In addition, the NIS2 Directive obliges the facilities concerned to submit a multi-stage report in the event of significant security incidents.
24h
- Early first notification
- Suspicion of unlawful acts
72h
- Assessment of severity and impact
- Indicators of compromise (IoC)
1 month
- Detailed description
- Underlying causes
- Remedial measures taken
Consequences of violations
Sanctions and personal liability of the management
Fines may be imposed for violations of NIS2 requirements up to a maximum of
- €10 million or 2% of global sales (particularly important facilities)
- €7 million or 1.4% of global sales (major facilities)
The NIS2 Directive also imposes various obligations on management
- Implementation of the risk management measures taken
- Monitoring the implementation
- Regular participation in cyber security training
- Offer training for employees as part of the risk management measures
The management is personally liable for any damages incurred (fines, recourse claims from third parties).
The NIS2 implementation with IT-HAUS
Ready for NIS2 in just 5 steps
1st NIS2 - Readiness Workshop
We support you with the impact and GAP analysis on your way to NIS2 compliance.
2nd NIS2 - Implementation project
3. registration with the BSI
You must register with the BSI within 3 months of becoming affected.
4. reporting of security incidents
Prepare the necessary processes for reporting an incident and practise the procedure.
5. do you have an emergency plan?
Are you ready for NIS2?
NIS2 Readiness Workshop
How well prepared are you for NIS2? Find out!
Using a preliminary questionnaire, we guide you through the key requirements of NIS2. In the subsequent joint workshop, we carry out a gap analysis and develop your individual roadmap to NIS2 readiness.
Comprehensive status check of your NIS2 compliance
GAP analysis on current NIS2 compliance
Recommendations for action with prioritization
On request: legally compliant impact analysis
Offer
NIS2 Readiness Workshop
from € 2.500,00*
* (net) plus statutory VAT
Status check
Targeted investment planning
Early action
Worth knowing
Information about NIS2
Video podcast
IT-TALK #7: NIS2 - The new EU directive puts companies under pressure to act
With the revised Network and Information Security Directive (NIS2), the European Union is creating uniform EU-wide minimum standards for the resilience of companies and authorities against cyber attacks.
Webcast
NIS2 - Cyber security becomes a top priority
The new EU Directive on Network and Information Security (NIS2) makes IT security a top priority and sets minimum standards for cyber security. Watch the webcast recording to find out what the new requirements mean for your company and how you can implement them in practice.
Video podcast
IT-Talk #8: HACKED -
Insider perspective on hacker attack
The IT nightmare has come true! The company hacked, the systems out of control! In a special episode of our IT Talk, Frank Benke, Head of IT at HAHN Automation Group, reports on how he and his team experienced a hacker attack!
FAQ
The most important information at a click
What does "NIS2" stand for?
It defines EU-wide basic requirements for cyber security and obliges affected institutions to control the risks of their information systems.
Is NIS2 now replacing the GDPR?
What is special about NIS2?
Who is affected by NIS2?
Will I be informed if I am affected?
How is compliance with the NIS2 requirements checked?
What do I need to consider in the event of security incidents?
What are the consequences of non-implementation?
How can IT-HAUS GmbH help me?
Which topics can our security experts support you with?
Contact us, we will support you on your way to a successful and secure digital future. Our contacts who specialize in your company's IT security will be happy to advise you.
