![](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2024\/06\/26092738\/what-is-nis2-directive-featured.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Alanna Titterington| Date: Wed, 26 Jun 2024 13:31:08 +0000<\/strong><\/p>\n Today’s topic is the NIS 2 Directive, which aims to improve the cyber-resilience of critical infrastructure and essential and important entities. NIS 2 looks set to do for information security in the EU what GDPR did for user data privacy.<\/p>\n It won’t be long now before the new directive will be transposed into national law, so if your organization is not yet ready, now’s the time to take steps.<\/p>\n The revised Network and Information Security Directive (NIS 2<\/a>) is the EU-wide legislation on cybersecurity. NIS 2 updates and complements the original NIS Directive, adopted in 2016, and creates a legal framework to enhance the overall level of cybersecurity across the EU.<\/p>\n The updated NIS 2 Directive focuses on three main areas:<\/p>\n As mentioned above, the revised directive significantly<\/em> broadens the scope of application compared to the original 2016 version. In addition, NIS 2 introduces a classification that divides the covered sectors into two categories:<\/p>\n Besides classifying sectors, NIS 2 introduces an additional classification of specific entities. It too consists of two categories:<\/p>\n The category an entity belongs to has significant practical implications. The activities of entities classified as essential<\/em> will be subject to much stricter and proactive oversight, including random raids, special security checks, and requests for proof of compliance. For non-compliance with NIS 2, essential<\/em> entities may face a fine of up to \u20ac10 million or 2% of global annual turnover<\/strong>.<\/p>\n Entities classified as important can breathe a bit more easily \u2014 they’re subject to less stringent controls. For important<\/em> entities, the penalties are slightly more modest: up to \u20ac7 million or 1.4% of global annual turnover<\/strong>.<\/p>\n Note that, unlike GDPR, NIS 2 is a directive<\/a>, \u2014 not a regulation<\/em> of the European Union. This means that EU Member States are legally required to amend their national legislation within the designated time frame. In the case of NIS 2, the deadline is set for October 17, 2024.<\/p>\n In addition, EU Member States will have to draw up lists of essential<\/em> and important<\/em> entities subject to NIS 2 by April 17, 2025.<\/p>\n It will be useful to revisit the timeline of the main stages of NIS 2:<\/p>\n More information about the updated EU Network and Information Security Directive, and how organizations can prepare for its entry into force, is available on our dedicated NIS 2 site<\/a>.<\/p>\nWhat is NIS 2?<\/h2>\n
\n
What organizations does NIS 2 apply to?<\/h2>\n
\n
\n
\n
\n
\n
\n
NIS 2 timeline<\/h2>\n
\n
How to prepare for NIS 2 implementation?<\/h2>\n
\n