Close this search box.

NIS2: What it is and how your company becomes compliant

Share now

The NIS2 Directive is a new EU law that aims to improve the cybersecurity of organisations that provide essential or important services to society or the economy. It updates and expands the original NIS Directive from 2016, which only covered certain sectors and types of organisations. The NIS2 Directive covers more sectors, such as space, wastewater, food, and postal services, and introduces a new category of organisations called important entities, which include providers of public electronic communications networks or services, social networking services platforms, and data centre services.

The NIS2 Directive also sets higher standards for risk assessment and management, incident reporting, and cooperation between EU Member States. The NIS2 Directive is designed to enhance the resilience of networks and information systems and protect the personal data of EU citizens. 

What is the scope? 

The NIS2 Directive sets out a number of requirements for organisations to improve their cybersecurity, including: 

  • Risk assessment and management: Organisations must identify and evaluate the cybersecurity risks they face and implement appropriate security measures to prevent or mitigate them. 
  • Incident reporting: Organisations must notify their national cybersecurity authority of any significant cybersecurity incidents that affect their networks or information systems within 24 hours. 
  • Incident response: Organisations must have plans and procedures to respond to and recover from cybersecurity incidents as quickly and effectively as possible. 
  • Communication and cooperation: Organisations must share information and best practices with each other and with their national cybersecurity authority to enhance their cybersecurity capabilities and awareness. 
  • Security awareness and training: Organisations must ensure that their staff are trained and educated on how to protect themselves and their organisation from cyber threats and how to report any suspicious activity. 
  • Supply chain security: Organisations must assess and manage the cybersecurity risks posed by their suppliers and ensure that the products and services they use are secure and reliable. 
  • Resilience: Organisations must take steps to increase the resilience of their networks and information systems to withstand and recover from cyberattacks. This includes having backup systems, recovery plans, and security controls that are resistant to cyberattacks

Why is NIS2 an opportunity?

Businesses should see the NIS2 Directive as an opportunity to improve their cybersecurity posture and gain a competitive edge in the digital market. It is not only a legal obligation, but also a strategic opportunity for businesses to strengthen their cybersecurity capabilities and position themselves as leaders in the digital economy. 

  • A clear and consistent framework for cybersecurity across the EU, reducing the complexity and cost of compliance. 
  • A higher level of trust and confidence from customers, partners, and regulators, enhancing their reputation and brand value. 
  • A lower risk of cyberattacks and disruptions, minimizing the potential losses and damages to their operations and assets. 
  • A greater awareness and preparedness for cyber threats, enabling them to respond quickly and effectively in case of incidents. 
  • A more innovative and resilient digital ecosystem, fostering collaboration and learning from best practices and experiences. 

How we can help 

Risk Assessments

We help assess your storage, backup, disaster recovery, and proactive security posture.

Incident Reporting

Incident reports in standard NIS2 format – helping you comply with the 24h NIS2 regulations – quickly.

Incident Response

24/7 access to an Incident Response Team (IRT) and Support team to resolve an incident quickly and minimize operational impact.

Proactive Protection

Peace of mind when our experts monitor, analyze, and provide proactive alerts, empowering you to stay ahead of evolving threats and ensure data protection.

Efficient Backup

Multi-level backup solutions from top vendors, complemented by our Proact Cloud Vault – a remote backup copy with immutability, air-gapping, and a testing sandbox.

Fast Recovery

Recovery planning, from a technology and process perspective with RPO/RTO. Additionally, we offer a hot site option if required.

Explore more articles


Get in touch

We would love to hear from you. Visit us, call us, join our social media community or send us a message.

By clicking Submit, I agree the terms and conditions outlined in the Proact Privacy Policy.