Two important directives related to critical and digital infrastructure recently came into force, which will significantly improve the EU's resilience against both online and offline threats ranging from cyber-attacks to crime and risks to public health or natural disasters.
These new regulations are a response to recent threats directed against the EU's critical infrastructure, attempts that threatened our collective security. Already in 2020, the Commission had presented a proposal to dramatically improve EU legislation related to the resilience of critical entities and the security of network and information systems.
The directives that came into force are:
With recent developments in technology, there are increased security risks to our society and economy, especially due to an increase in phishing attempts, malware and ransomware attacks and other cyber threats. To address these challenges, the EU has been working on the Network and Information Security (NIS2) Directive since 2020. It is designed to improve the digital and economic resilience of member states.
The NIS2 Directive deals with risks that threaten network and information systems, such as cybersecurity risks. The implementation of this directive should contribute to more European harmonization and a higher level of cybersecurity among companies and organizations. The NIS2 Directive is the successor to the first NIS Directive, also known as the NIB, which was integrated into the Network and Information Systems Security Act (Wbni) in the Netherlands in 2016.
The NIS2 Directive covers sectors already covered by the first NIS Directive, but also includes a number of new sectors. This increases the number of public and private organizations covered.
Essential sectors
Key sectors
An important change from the first NIS Directive is that organizations are automatically covered by the NIS2 Directive if they operate in one of the listed sectors and meet the following criteria to qualify as an "essential" or "significant" entity.
These are organizations identified as critical entities under the CER Directive and automatically classified as essential entities under the NIS2 Directive. This category includes large organizations operating in a sector from the essential sectors.
An organization is considered large if it meets one of the following criteria:
This category includes medium-sized organizations operating in sectors considered essential or important under the NIS2 Directive. They play an important role in the economic and social stability of the EU, despite not being classified as "critical."
An organization is classified as medium-sized if it meets one of the following criteria:
If your organization is covered by NIS2, there are several obligations you must meet:
Understanding CER
The Critical Entities Resilience (CER) Directive, introduced at the same time as the NIS2 Directive, aims to improve the resilience of critical entities to physical threats.
This directive applies to both public and private organizations operating in sectors critical to the maintenance of vital societal functions, health, safety, security, economic well-being or social welfare of citizens.
The impact of these new guidelines can be significant, depending on the size and nature of your organization. It is therefore essential to have a clear understanding of what these guidelines entail and how to comply with the requirements.
The directive covers a diversity of sectors, including energy, transportation, healthcare, drinking water, digital infrastructure and financial services, among others. Both government organizations and private entities within these sectors may fall within the scope of the CER Directive.
It is essential that organizations operating within these sectors are aware of the implications of the CER Directive and implement the required measures to comply. This is not only to comply with legal requirements, but also to improve organizational resilience and continue to function in the face of threats.
It is crucial for organizations covered by the CER and NIS2 directives to take proactive measures and prepare.
Through INBISCO - Secure, we can capture and disclose the principles related to security. The established Information Security strategy outlines the policy and preconditions for secure operations. Taking these preconditions into account, the Information Security Management System (ISMS) records the working method by means of processes and work instructions, in combination with all relevant (policy) documents. Processes and documents are now safely stored in the ISMS and can easily be shared with the organization.