NIS2: The EU’s new cyber security legislation
Blog|by Leanne Bevan|13 April 2023
What is NIS2?
The Network and Information Systems Directive (NIS2) is a new European Union (EU) legislation aimed at strengthening the cyber security of critical infrastructure providers and digital service providers. The directive aims to ensure that these entities take the necessary measures to prevent and manage cyber security incidents.
Which industries need to comply with NIS2?
NIS2 builds upon the first NIS directive, which was adopted in 2016. The original directive established a set of requirements for the cyber security of operators of essential services in critical sectors, such as energy, transport, healthcare, and finance. NIS2 extends the scope of the directive to include digital service providers, such as cloud service providers, search engines, and online marketplaces.
The directive mandates that critical infrastructure providers and digital service providers must take adequate measures to manage cyber security risks and prevent cyber security incidents. They are required to implement robust cyber security strategies, including risk management, incident management, and business continuity plans.
NIS2 also requires these entities to report significant cyber security incidents to competent authorities within 24 hours of detection. The competent authorities are responsible for enforcing the NIS2 directive in their respective countries and ensuring compliance with the requirements.
One of the key features of NIS2 is the establishment of a European Cybersecurity Competence Centre (ECCC) and a European Cybersecurity Industrial, Technology and Research Competence Centre (ECITRC). The ECCC is responsible for developing and promoting cyber security knowledge and expertise across the EU, while the ECITRC is responsible for developing and promoting cyber security technologies and innovation.
NIS2 is a crucial step in strengthening the cyber security of critical infrastructure providers and digital service providers in the EU. The directive aims to create a more secure and resilient digital environment, which is essential for the functioning of the EU economy and society.
The challenges
However, compliance with NIS2 can be challenging for many organisations, especially small and medium-sized enterprises (SMEs). SMEs may lack the necessary resources and expertise to implement the required cyber security measures, and they may struggle to report cyber security incidents to competent authorities within the required timeframe.
To address these challenges, the EU has established a support programme for SMEs called the Cyber Security Competence Centre for SMEs (CC-SME). The programme provides SMEs with access to cyber security expertise, training, and support to help them comply with the NIS2 directive.
Key takeaways about NIS2
The NIS2 directive is a critical step in improving the cyber security of critical infrastructure providers and digital service providers in the EU. The directive aims to create a more secure and resilient digital environment, which is essential for the functioning of the EU economy and society. However, compliance with the directive can be challenging for many organisations, especially SMEs. The EU’s support programme for SMEs aims to address these challenges by providing them with access to cyber security expertise, training, and support.
How Grey Matter can help you with cyber security and compliance with NIS2
Grey Matter partners with several leading and niche cyber security software companies that can provide many of the cyber security solutions required to help you comply with NIS2. For instance, we can help you with cyber security training, endpoint detection and response software or managed services, patch management, firewalls and more.
Our cyber security specialists are on hand to answer any questions you have and are there to ensure you have the right tools and licensing needs to effectively secure your business and comply with regulations.
Fill in the form below to arrange a call with one of our specialists.
Contact Grey Matter
If you have any questions or want some extra information, complete the form below and one of the team will be in touch ASAP. If you have a specific use case, please let us know and we'll help you find the right solution faster.
By submitting this form you are agreeing to our Privacy Policy and Website Terms of Use.
Leanne Bevan
Related News
Delphi 30 For 30 Webinars 2025
Tue 14 January 2025 - Fri 25 April 2025 6:00 pm - 7:00 pm GMT
Delphi’s celebrating its 30th anniversary this February. An incredible milestone. It’s come a long way since 1995. It’s kept up with the times, from working with AI to compiling apps for any platform out there from one elegant codebase. Celebrating...
Grey Matter Achieves Cyber Essentials and ISO 9001 Certifications
We are pleased to announce that we have achieved our Cyber Essentials and ISO 9001 certifications for another year. We want to do our due diligence as much as possible. And we can’t sell and promote the importance of cyber...
ACCU Conference 2025
1 - 4 April 2025 9:00 am - 4:00 pm GMT
We’re delighted to be a Gold Sponsor of the ACCU Conference 2025 in Bristol. It’s an event in the Southwest, so a little bit closer to home than usual for us. What is ACCU? The ACCU Conference, originally focused on...
Veeam Kasten v7.5: Revolutionising Kubernetes Backup and Recovery
Veeam has announced the release of Kasten v7.5, the latest version of its industry-leading Kubernetes backup and recovery solution. This new release brings significant advancements in scale, performance, security, and ecosystem coverage, empowering your organisation with brilliant resilience for your...