11.10.2023

Security | Everything you need to know about the NIS2 directive


The NIS2 directive has been in force since the beginning of 2023. This means that there is now EU-wide legislation on cybersecurity, established by the European Commission. This directive was proposed in 2018 and is a revision of the NIS directive, which was introduced in 2016. NIS2 aims to increase overall cybersecurity within the EU. As an organization, you must take into account a number of new obligations that affect your IT infrastructure and processes. In Belgium, approximately 4,000 (public and private) organizations are covered by the NIS2 directive.

Do you fall under this regulation? And what exactly is the impact on your organization? Discover more in this article.

1. Let's start with the key question: which organizations does the NIS2 directive apply to?

  • Essential organizations: These are the essential service providers of society and thus can have a direct impact on the economy, society, or national security. Some examples of essential entities include:

    - Energy suppliers
    - Transport companies
    - Financial institutions
    - Healthcare organizations
    - Government agencies
  • Digital service providers: These are organizations that offer important digital services, such as online marketplaces, cloud computing services, and search engines. Digital service providers have a significant impact on the daily lives of people and organizations.

2. I belong to one of these organizations. What impact does the European Commission's NIS2 directive have on my security policy?

  • You must conduct a risk analysis of your network and IT systems. This analysis should identify and assess the potential risks of cyberattacks.
  • After this analysis, you need to take the necessary measures to mitigate these risks. Consider solutions such as a stronger password policy or smarter firewalls.
  • You are required to report cybersecurity incidents to the national authority. This must be done within 24 hours of detecting an incident.

If the NIS2 directive applies to your organization, you have until October 17, 2024, to comply with the obligations.

3. What can I do to prepare for this?

At AppSys, we recommend starting your preparation early. Engage with us to understand what you need to do to comply with the regulations. A first step is to conduct a risk analysis. This will help you determine if you are compliant or identify what steps you need to take to comply with the new directive. Additionally, staying informed about new developments is important, as legislation continues to evolve. Therefore, stay in touch with our specialists to ensure you are well-prepared.

The NIS2 directive is a significant step toward raising the level of cybersecurity in the EU. It will help to better protect essential services and key digital services against cyberattacks.

AppSys helps you navigate NIS2

A first step is a risk analysis of your network. At AppSys, we offer various options for security audits. You can easily request more information about our security audits using the form below:

Request your security audit