NIS2 – An Introduction to the EU Directive on Network and Information Security

The Network and Information Security Directive 2 (NIS2) is an EU directive that will be transposed into German legislation by the end of 2024. The full directive can be found at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32022L2555#ntr5-L_2022333DE.01008001-E0005. As the successor to NIS1, which came into effect on June 29, 2017 (see https://www.bsi.bund.de/DE/Das-BSI/Auftrag/Gesetze-und-Verordnungen/NIS-Richtlinie/nis-richtlinie_node.html), NIS2 aims to strengthen cybersecurity in businesses, minimize risks, and avoid damage from cyberattacks.

Although NIS1 has been in existence for many years, NIS2 is now gaining increased attention because the draft will significantly obligate a larger number of companies to implement the prescribed measures. Companies should assess early on whether they are affected, as the implementation of the directive may take several months to years.

centron provides support for the security of IT infrastructures by offering computing power and data storage from an ISO 27001 certified data center according to the BSI IT basic protection standard (https://www.centron.de/warum-iso-27001-zertifiziert/). As a strong partner, centron can help overcome one of the most significant hurdles in the implementation of a successful Information Security Management System (ISMS).

The Federal Office for Information Security (BSI) provides an introduction to the topic of ISMS at https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/BSI_Standards/standard_200_1.html?nn=440524. An ISMS includes basic components such as management principles, resources for information security, employee involvement in the security process, security process, security concept, and security organization.