NIS2

NIS2 is an EU directive that tightens the requirements for cybersecurity in companies and authorities.

The directive has been implemented in Danish legislation and will enter into force as a national law on July 1, 2025. The covered entities must register by October 1, 2025.

The EU’s cybersecurity directive NIS2 is an update of the previous NIS directive; NIS stands for “Network and Information Security”. Significant differences between version 1 and version 2 are the size of the fines for violations and a significant increase in the number of companies, authorities and organizations subject to the directive.

NIS2 applies to the following sectors

  • Banking and financial market infrastructure (Financial Business Act)
  • Digital infrastructure (Security and Emergency Preparedness Act)
  • Digital services (e.g. social networking platforms and data center services)
  • Digital service providers
  • Energy supply (The Act implements both the NIS 2 Directive and the CER Directive)
  • Manufacture of products critical to society (e.g. medicine, pharmaceuticals, medical devices and chemicals)
  • Food
  • Municipalities
  • Public administration
  • Postal and courier services
  • Regions
  • Space and similar enterprises
  • Wastewater and waste management
  • The state
  • Health
  • Transport
  • Providers of public electronic communications networks or services
  • Water supply

There are three criteria that determine whether a company is covered by NIS 2:

  1. The company belongs to one of the covered sectors and
  2. The size of the company or
  3. The company is covered regardless of size or is particularly important from a societal perspective.

Companies that are not covered by NIS 2 legislation may still be affected if they supply services or goods to a company that is covered by NIS 2 legislation.

NIS2 Compliance

There are eight activities that can help you implement and comply with NIS2:

  1. Management and board briefing
  2. GAP analysis
  3. Workshops
  4. Risk management
  5. Information Security Management System
  6. Documentation and maintenance
  7. Employee training
  8. Change management

Standards for NIS2

The standards ISO 27001 and IEC 62443 can help you comply with NIS2.

Consulting assistance for NIS2

SC Engineering has cybersecurity advisors and consultants who are up to date on NIS2. They possess the latest knowledge about cyber threats, risk analysis and risk management. You can also get help with implementing an ‘Information Security Management System’. Contact steven@clauwaert.dk