The NIS2. Why you need to be informed about this upcoming European Cybersecurity Directive

Europe is very busy creating cybersecurity legislation such as the 'NIS2'. NIS stands for Network and Information Security. NIS2 is a directive that instructs more and more organisations in the EU (especially companies with a high importance for the economy and society) to take their cybersecurity to a higher level, in order to guarantee a certain minimum level of cybersecurity. Although awareness around cybersecurity is increasing among organisations, analyses of security incidents and data breaches often show that security incidents could have been prevented if organisations had been more careful. What is expected of your company in terms of protect, detect, respond & cover and how do you comply with the law and exclude liability?


The first NIS directive was put into effect in 2016. It has been implemented in the Netherlands in the Network and Information Systems Security Act (Wbni). The NIS has three basic ‘pillars of security’:

  • Identifying security risks
  • Mitigating risks through protection and detection
  • Reducing the impact of cyber incidents

These three pillars currently form the basis of the security requirements for the vital sectors (also called digital service providers and essential service providers).

In its current form, NIS2 will cover more sectors than the NIS. NIS2 covers the following sectors: energy, transport, banking, financial market infrastructure, healthcare, drinking water, waste water, digital infrastructure, public administration, aerospace, postal and courier services, waste management, chemicals, food production, manufacturing and digital providers. However, the NIS2 will also provide a degree of flexibility to allow member states to identify smaller entities that, according to them, also have a high security risk profile.

NIS2 also aims to improve supply chain security by requiring individual companies to manage cyber security risks in supply chains and in their relationships with suppliers. The proposed amendments also aim to strengthen supply chain cyber security for key information and communication technologies at European level.

Personal liability?

To ensure that effective action is taken, directors can be held liable for cyber incidents or even potentially be suspended under the NIS2. To prevent this, there are obligations when it comes to governance and incident reporting. And if things really go wrong, there will soon be the possibility of imposing fines of up to € 10 million or 2 per cent of global annual turnover. In short, there will be more supervision/inspection and enforcement will become stricter. All the more reason to take this very seriously.

Boardroom session about cyber security?

Does your company belong to the so-called vital sectors or are you a supplier in one of these sectors and do you want to know what is coming (legally)? Specialists Hugo van Aardenne and Jouko Barensen organise 2-hour (tailor-made) boardroom sessions in which they provide information on what you can expect in this area in the near future, and explain which basic measures you can take to (continue to) comply with the law.

Above, we have discussed the NIS2 Directive. There are many more rules and regulations that might be relevant to your company.

Additionally, you might want to know which steps need to be taken if your company becomes a victim of cybercrime. Do you have an obligation to report this? Do you need to file a complaint? Do you inform all your customers? Do you need to inform your personnel?

If you are interested in discussing this in a (boardroom) session, you can register via this form.

Attorney at law

Jouko Barensen

Expertise: Fraud and white collar crime, Administrative law, Waste law, Environmental criminal law, Cybersecurity, Transport and Logistics, BRZO, Enforcement and sanctions

Attorney at law

Hugo van Aardenne

Expertise: Fraud and white collar crime, Administrative law, Cybersecurity, Enforcement and sanctions, International Sanctions and Export Controls, Internal investigations
