NIS 2 Directive: we will align your organization with the new EU regulations

We will help you meet all the NIS 2 requirements and enhance the overall cybersecurity level of your company.

  • We will conduct a NIS 2 compliance audit
  • We will develop a dedicated implementation plan
  • We will implement solutions in accordance with the directive’s criteria


    The NIS 2 Directive is an EU legal act that establishes cybersecurity standards which Member States must meet in order to reduce the risks associated with cybersecurity incidents.

    NIS 2 set an EU deadline for Member States to transpose the directive by 17 October 2024 (applicable from 18 October 2024). If you haven’t started preparing yet, now is the time – implementation and enforcement are ultimately governed by your country’s national law.

    The NIS 2 Directive applies to essential and important entities in the public and private sectors, operating in areas such as energy, banking, and healthcare.

    Both categories must implement cybersecurity risk-management measures and comply with incident reporting obligations, with supervision and enforcement (including penalties) differing between essential and important entities.

    Estimates suggest that a large number of entities across the EU fall, or will fall, within scope.


    Which sectors are covered by the NIS 2 directive?

    Essential entities:
    • energy
    • transport
    • banking
    • financial market infrastructure
    • healthcare
    • drinking water sector
    • wastewater
    • digital infrastructure
    • ICT service management
    • public administration
    • space

    Important entities:
    • postal and courier services
    • waste management
    • production and distribution of chemicals
    • production and distribution of food
    • manufacturing
    • scientific research

    The NIS 2 Directive requires Member States to establish effective, proportionate and dissuasive enforcement measures, including administrative fines. For breaches of key obligations, Member States must ensure that entities may be subject to administrative fines with a maximum of at least:

    • essential entities: EUR 10,000,000 or 2% of the total worldwide annual turnover of the undertaking in the preceding financial year*
    • important entities: EUR 7,000,000 or 1.4% of the total worldwide annual turnover of the undertaking in the preceding financial year*

    *whichever is higher


    Obligations arising from the NIS 2 Directive

    Risk Management and Security Measures

      • Establishing and maintaining risk management measures for networks and systems
      • Business continuity (BCP/DR, backups, recovery, crisis management)
      • Supply chain security
      • Security of information systems throughout their entire lifecycle
      • Vulnerability and patch management
      • Logging and monitoring (incident detection and response)
      • Cryptography/encryption
      • Access control, IAM, including MFA/strong authentication
      • Cyber hygiene and training
      • Human resources security

    Incident Handling and Reporting

      • Having an incident management process (prevention–detection–response–recovery)
      • Reporting incidents within required stages and timelines, and cooperating with competent authorities/CSIRT

    Management Accountability

      • Responsibilities at the management and supervisory level
      • Training for management staff

    Ensuring Compliance

      • Ability to demonstrate implementation and effectiveness of measures

    Additional “Sector-Specific” Obligations

      • Depending on the type of entity, additional specific obligations may apply

    Not sure what solutions you need to implement to meet the above requirements? Contact us for details.


    To avoid hefty penalties associated with non-compliance, it’s worth checking now whether your organization meets the criteria of the directive.

    An NIS 2 compliance assessment will help identify gaps or areas in policies and processes that need to be updated or created from scratch. Entities currently subject to NIS 1 should also review their solutions, especially in the area of risk management.

    A compliance audit and gap analysis will allow you to develop a comprehensive strategy for adapting to NIS 2.

     


    How can we help your organization adapt to NIS 2?

      • We will conduct an audit of your information system and compliance with NIS 2, and identify areas for improvement
      • We will implement risk management and business continuity solutions
      • We will propose actions to enable efficient handling of cyber incidents and prepare procedures for reporting them
      • We will develop and update the necessary documentation and cybersecurity management strategy
      • We will design mechanisms and measures to increase cyber resilience
      • We will implement a cybersecurity awareness program and conduct training sessions

    Need help with NIS 2 implementation? Want to know more?

    Contact us today. Our specialists will get back to you.


    Our knowledge and experience are a solid foundation for your business.

    For over 15 years, we have been managing security and ensuring the resilience of our clients’ IT services. We provide support to Polish and foreign organizations of various sizes, from various industries and sectors. We always tailor our actions to the individual needs of the company, depending on the solutions it has in place.

    By implementing solutions that comply with the requirements of NIS 2, DORA, the Cybersecurity Act or CRA, we combine the broad competencies and many years of experience of our experts with advanced technologies. All this to raise the level of cybersecurity in your company, regardless of the area in which you operate and how many employees you have.


    Why choose our services?

      • Individual approach tailored to organizational structures and existing solutions
      • Guarantee of the effectiveness of our methods and protection in accordance with the latest knowledge and best practices
      • Comprehensive cybersecurity solutions during and after the implementation of NIS 2 requirements (VCISO outsourcing)

    Have questions? Contact us!