{"id":5719,"date":"2024-01-11T12:46:03","date_gmt":"2024-01-11T10:46:03","guid":{"rendered":"https:\/\/riscreen.de\/?p=5719"},"modified":"2025-08-28T09:30:55","modified_gmt":"2025-08-28T07:30:55","slug":"nis-2","status":"publish","type":"post","link":"https:\/\/riscreen.de\/en\/nis-2\/","title":{"rendered":"NIS 2: What’s important for companies in 2024"},"content":{"rendered":"\n
\n

Is your company affected by NIS 2?<\/strong><\/p>\n\n\n\n

\n
Directly to the NIS 2 test<\/a><\/div>\n<\/div>\n<\/div>\n\n\n

Overview: NIS 2<\/h2>\n\n\n

In this article, we clarify the most significant points for companies in 2024 on the subject of NIS 2.<\/p>\n\n\n

Weaknesses of NIS 1<\/h3>\n\n\n

The digitalization and networking of society have expanded the threat scenario. At the same time, many companies in the EU lack a sufficient level of IT security. Resilience in member states and sectors is too inconsistent due to NIS 1. There was a lack of common understanding of the main threats and challenges. As a result, the directive was revised, and a political agreement was reached on May 13, 2022. The new NIS 2 Directive was officially adopted in November 2022.<\/p>\n\n\n

Building on the pillars of the previous NIS Directive<\/h3>\n\n\n

The NIS 2 Directive builds on the three main pillars of the previous NIS 1 Directive:<\/p>\n\n\n\n

    \n
  1. National cybersecurity strategy:<\/strong> Member States must establish a national cybersecurity strategy and designate national Computer Security Incident Response Teams (CSIRTs) and a competent national cybersecurity authority.<\/li>\n\n\n\n
  2. NIS Cooperation Group:<\/strong> to support and promote strategic cooperation and information sharing between Member States and CSIRTs.<\/li>\n\n\n\n
  3. Sectors of critical importance:<\/strong> The NIS 1 Directive ensures cybersecurity measures in seven key sectors, such as energy, transportation, healthcare and digital infrastructure.<\/li>\n\n\n\n
  4. <\/li>\n<\/ol>\n\n\n\n

    The NIS 2 Directive aims to rectify the shortcomings of NIS 1, adapt it to current needs, and make it fit for the future. It does this by extending the scope of application to new sectors, introducing clear size criteria, and eliminating the distinction between operators of essential services and digital service providers. The directive aims to strengthen security and reporting obligations, address cyber risks in supply chains and supplier relationships, and improve cooperation and information sharing between member states.<\/p>\n\n\n

    Coverage of the NIS 2<\/h3>\n\n\n

    The NIS 2 Directive covers sectors of high criticality, but also critical sectors. The classification of companies is based on their importance, whereby a clear size criteria rule has been introduced.<\/p>\n\n\n\n

    Critical sectors (essential entities) are, for example:<\/p>\n\n\n\n