The new NIS2 Directive introduces significant changes to cybersecurity across the European Union. As a result, many companies need to understand whether this directive applies to them. To check if NIS2 is relevant to your organization, it is worth answering a few key questions.
STEP 1.
Company classification by size:
- Medium-sized enterprises: If your organization employs fewer than 250 people (but more than 50) and has an annual turnover of up to €50 million (but more than €10 million) or total assets of up to €43 million, it is classified as a medium-sized enterprise according to the EU definition.
- Large enterprises: If your organization employs more than 250 people and has an annual turnover of at least €50 million or total assets of at least €43 million, it is classified as a large enterprise according to the EU definition.
If your company meets one of the above definitions, proceed to the next step to assess whether the sector your company operates in is covered by the NIS2 Directive.
STEP 2.
Sector of activity:
NIS2 applies to organizations operating in certain sectors that are critical to the functioning of the economy and society. If your organization operates in one of the following sectors, it is highly likely that it will be covered by the NIS2 Directive:
- Energy: Distribution, transmission, and sale of electricity, gas, oil, or operations related to electric vehicle charging points.
- Transport: Air, rail, road, and water transport, including shipping companies and port facilities.
- Banking and finance: Credit services, financial markets, financial infrastructure.
- Healthcare sector: Medical facilities, research laboratories, pharmaceutical manufacturing, medical device production.
- Water supply: Drinking water suppliers, sewage operators.
- Digital infrastructure and IT: Domain registries, trust services, data centers, cloud services, electronic communication services, managed services, and IT security.
- Public administration: At the central, regional, and local levels.
- Space: Operators of ground-based space infrastructure.
- Postal and courier services.
- Waste management.
- Chemical product manufacturing and distribution.
- Food industry: Production and distribution of food.
- Manufacturing: Production of medical devices, electronics, optics, machinery, motor vehicles, trailers, and other means of transport.
- Digital service providers: Online marketplaces, search engines, social platforms.
- Research organizations.
If your organization operates in one of these sectors, it is likely to fall under NIS2.
If your organization meets the size criteria and operates in one of the sectors mentioned above, there is a high likelihood that the NIS2 Directive will apply to your company.
If your organization uses security systems such as CCTV (video surveillance systems), access control systems, alarm systems, intercom systems, or other advanced security systems, it's important to note that the NIS2 Directive also covers cybersecurity issues related to such installations.
Consequences of non-compliance with NIS2
It is also important to keep in mind that compliance with NIS2 will be strictly enforced and non-compliance penalized. Organizations that fail to comply with the new cybersecurity requirements may face severe consequences, including financial penalties and other sanctions depending on the nature and scale of the violations. Therefore, it is crucial to identify potential risks and implement appropriate preventive measures to secure these security systems.
In such a case, it is advisable to consult a cybersecurity expert to thoroughly analyze the obligations under NIS2 and ensure compliance with the new regulations.
The NIS2 Directive aims to increase digital security, and compliance is crucial for the protection of critical infrastructure across the European Union.