NIS2 Compliance
Comply with the European NIS2 directive with our expert support
What is NIS2?
The NIS2 directive (Network and Information Security 2) is the new European regulatory framework for cybersecurity. It replaces the NIS1 directive and significantly expands its scope to new sectors and types of entities.
Applicable from October 2024, this directive imposes reinforced obligations regarding governance, risk management, incident notification and supply chain supervision.
Expected sanctions:
Up to 10 million euros or 2% of global turnover for essential entities.
Sectors concerned
NIS2 applies to essential and important entities across many sectors.
NIS2 Requirements
Cybersecurity governance
- Management responsibility in cyber risk management
- Implementation of an information system security policy
- Mandatory training and awareness for executives
- Appointment of a security officer
Risk management
- Regular and documented risk analysis
- Appropriate technical and organizational measures
- Business continuity and recovery plans (BCP/DRP)
- Supply chain security
Incident notification
- Early warning within 24h
- Complete notification within 72h
- Final report within one month of the incident
- Communication to affected stakeholders
Security measures
- Access management and enhanced authentication
- Sensitive data encryption
- Incident detection and response
- Regular security tests and audits
Our NIS2 support
Initial assessment
Evaluation of your current compliance level and identification of gaps against NIS2 requirements.
Action plan
Definition of a prioritized roadmap with necessary corrective actions and associated deadlines.
Implementation
Support in implementing measures: policies, procedures, technical solutions.
Prepare your NIS2 compliance
Our experts support you in your NIS2 compliance journey.