The new NIS-2 directive

Network and information security policy

EU legislation: Cybersecurity

Getting ready for the NIS-2 Directive

What is the NIS-2 Directive?

The NIS-2 Directive is EU-wide legislation on network and information security. Its aim is to strengthen the cyber security of companies and ensure a uniformly high level of security in the EU. Each company is responsible for assessing whether it is affected by the Network and Information Security Directive (NIS-2 for short). The decisive factor is the type of business activity in the EU. A total of 18 sectors are affected by the NIS-2 Directive. It has its origins in the NIS Directive (Network and Information Security Directive), which was introduced in 2016. The NIS-2 Directive came into force on January 16, 2023 and must be transposed into national law by the EU member states by October 17, 2024.

What has changed compared to the NIS Directive? With the introduction of the NIS-2 Directive,

  • the scope of application has been extended to numerous additional sectors,
  • stricter security requirements have been introduced,
  • stricter liability regulations for the management have been established and
  • higher penalties for non-compliance have been introduced.

What is the purpose of the NIS-2 Directive?

Our world is changing and becoming increasingly digital – devices and systems are becoming more intelligent and increasingly networked. This advancing digitalization not only brings immense benefits and opportunities, but also growing risks and challenges in the area of cyber security. In view of these risks, security measures are becoming increasingly important. The NIS-2 Directive will ultimately encourage companies to take action against cyber threats in order to improve the level of security in EU member states and ensure the protection of critical infrastructure and sensitive data.

Regulatory Compliance
What costs are involved?

Essential facilities

Fines of up to EUR 10 million or 2% of the previous year’s total worldwide turnover of the company to which the organization belongs. The company management is held responsible for any violations and is therefore liable. Delegation is not possible in full, so the rule is “you get what you pay for”.

Important facilities

Fines of up to EUR 7.5 million or 1.4% of the previous year’s total global turnover of the company to which the entity belongs. The company management is held responsible for any violations and is therefore liable. Delegation is not possible in full, so the rule is “you get what you pay for”.

Am I affected?

These companies urgently need to prepare

What does this mean for your company?

The directive affects companies and organizations associated with the KRITIS sector, i.e. those that play a significant role in society and the economy, but also companies that are involved in the supply chain of critical actors, for example. The future relevance of the NIS-2 Directive for many small and medium-sized enterprises (SMEs) results from the requirement that companies and organizations with at least 50 employees or an annual turnover of at least 10 million euros must also comply with the Directive. If your company is affected by the NIS-2 Directive, you are obliged to implement and regularly update comprehensive IT security measures, including risk analysis and emergency plans. There is also a reporting obligation that requires security incidents to be reported promptly.

A laissez-faire attitude in the defense against hacker attacks will be noticeably punished in the future. Instead of the 150,000 euros that the first version of the NIS stipulated as the maximum amount for sanctions, operators of essential services will in future face heavy fines. Fines are imposed for breaches of Art. 21 (risk management measures) and Art. 23 (reporting obligations for significant security incidents) of the NIS-2 Directive.

Is your company one of them?

KRITIS sectors according to Annex I of the NIS-2 Directive:

  • Energy
  • Transport
  • Banking
  • Financial market infrastructure
  • Healthcare
  • Drinking water
  • Waste water
  • Digital infrastructure
  • ICT service management (B2B)
  • Public administration
  • Space

KRITIS sectors according to Annex II of the NIS-2 Directive:

  • Postal and courier services
  • Waste management
  • Production, manufacture and trade of chemical substances
  • Production, processing and distribution of food
  • Manufacturing / production of goods
  • Digital service providers
  • Research

The extended KRITIS sector: major implications for companies and institutions

Reporting obligations
If a security incident does occur

Within 24 hours

Initial notification (early warning) to the responsible authorities, stating whether the security incident is possibly due to illegal or malicious actions.

Within 72h

A report with the indicators of compromise must be handed over to the authorities, which becomes an almost impossible task without dedicated security know-how.

After one month

A final report is due, which must contain at least a detailed description of the security incident, its severity and impact, as well as information on the nature of the threat and the remedial measures taken.

How to comply with the NIS-2 Directive with RIEDEL Networks

Choose [R.E.D.] to Protect!

We support you with our IT security solution [R.E.D.] to set up and manage your IT infrastructure in compliance with the law. In [R.E.D.] advanced technologies and systems are brought together and applied in such a way that you can guarantee full protection for your company network. A decisive advantage for you is that with the [R.E.D.] service, you hand over responsibility for continuous 24/7 monitoring to us. This allows you to concentrate fully on your core business while we take care of all security-related aspects for you. In the event of a security incident, we will inform you immediately and offer you comprehensive support in decision-making from our experts. To ensure that you do not lose track of your IT infrastructure, we prepare regular reports on the security situation of your company. It is important to realize that investing in an IT security solution not only serves to comply with legal regulations, but also represents a considerable advantage for your company. Because in the event of an attack, your valuable company data is at stake and timely preventive measures can save you considerable damage and costs. Contact us and we will find a customized [R.E.D.] solution for you.

Spotlight: IT security

Your guide to current and future cyber threats

IT security is essential, but how do you get started effectively as a company? Our white paper provides you with comprehensive knowledge about the current cyber threats and shows practical strategies for defense. Find out how you can protect your company from the ever-increasing risks, whether you are in the IT industry or not. Use this white paper to strengthen your security strategy and make informed IT security decisions.

Technological impetus, flexibility and scalability

“We were looking for a partner who could advise us competently and at eye level and guarantee a reliable network connection, even in rural areas. We found this partner in Riedel Networks. The partnership is characterized by technological impetus, flexibility and scalability, which makes cooperation at all levels – from management to specialists – particularly valuable.”

Marcel Kühn, CISO Team Leader Global IT Infrastructure at Gedore

A flexible partner for a complex project

“The fact that working with such a professional and flexible partner has simplified many things has enabled us to save costs. With another provider, we would very likely have had to invest 30 percent more in our network over the past three years. The partnership with Riedel Networks, from account management to technical advice, has proved invaluable to Kyocera Document Solutions Europe time and time again.”

Thomas Schroeder, Manager IT Operations Management at KYOCERA Document Solutions Europe B.V.

A privileged partnership

“Thanks to Riedel Networks, Faller Packaging now has a modern, fully redundant, highly transparent and highly available SD-WAN network connecting our seven European branches and 1,300 employees. From the head office to the factory floor to the warehouse, our people are now equipped for dynamic production with quotas to be met at short notice, because they can rely on a stable infrastructure – and my IT team has found the ideal partner to guarantee a flawless network function.”

Tobias Dölder, Head IT Systems, Faller Packaging

We found the perfect partner

“IT is the backbone of every organization. This is especially true in medicine, where mistakes can be costly. Riedel has proven to be an excellent partner and the decision to go for a managed network was good and right in every respect.”

Torsten Emmanuel, Chief Information Officer, ATOS Kliniken

Innovative communication solutions with Riedel Networks

“With the right partner in business – and in life – even the biggest obstacles can be overcome. Riedel has proven to be the right partner, not only for development, but also for all supporting processes. The peace of mind of having a reliable network and partner is priceless to me. I look forward to working with them on a radio solution for race cars in other competitive areas.”

John Steeghs, Senior Manager Team Management and Logistics at TOYOTA GAZOO Racing Europe GmbH

Our SD-WAN works perfectly!

“Today’s #IT challenges no longer lie in maintaining infrastructure. #IT must add value by helping employers and customers stay ahead of the competition. Our SD-WAN works perfectly, and we haven’t experienced a single outage since we switched over (to RIEDEL) from MPLS. Riedel handles our network infrastructure and our connection to the internet, leaving us to focus on best serving our customers. They have negotiated new agreements with the relevant last-mile providers on our behalf. They have helped us eliminate unnecessary telecommunications expenses, and we have invested this money in managed services. With the same amount of money, we’re doing so much more.”

Linus Linder, Head of IT at Müller - Die lila Logistik AG

Riedel connects two worlds for us: Broadcast and IT. When it comes to broadcasting a first-class event like Formula 1, a strong and reliable partnership is an absolute must. We have been working with Riedel's RiLink for many years. As soon as the fiber optic cable is connected to our production unit, all systems wake up, immediately connect to their hosts and start sending files or messages.

Friedrich Behringer, Technical Operations Manager, RTL NEWS