The European “Network & Information Security” directive will be adopted by all member states in national regulations in the coming months.

NIS2 aims to improve cybersecurity and the resilience of essential services in EU Member States. NIS2 extends the first directive, among other things by applying to more sectors. In addition, the directive sets stricter security standards and incident notification requirements.

In the Netherlands, the first directive (NIB) has been included in the “Network and Information Systems Security Act” (Wbni).

The Directive contains three key elements:

Duty of care – The directive contains a duty of care that requires companies to carry out their own risk assessment and take appropriate measures to safeguard their services and protect the information used.

Duty to report – The directive prescribes that companies must report incidents to the regulator within 24 hours.

Supervision – Organisations covered by the directive will also be subject to supervision. The NIS2 Directive prescribes that an independent supervisor (outside of any inter-administrative supervision) looks at compliance with the obligations under the Directive, such as the duty of care and the duty to report.

The information security and privacy policy requires a record and a certain approval structure. By using a document management system for this, a lot of work can be taken off your hands.

We use our experience with information security of our cloud solutions and the ISO certification processes for information security to help companies prepare for the NIS2 regulations, with the same pragmatic approach that people have come to expect from us.

Would you like to know more about how we can help you be prepared for the NIS2 directive? Please contact our colleague Adriaan!