What was the NIS?

The NIS (Network and Information Systems Directive) was introduced in 2016 to strengthen digital resilience in Europe. The goal: to ensure that vital sectors properly protect their IT systems against cyber threats. At that time, the directive mainly applied to a small group of organizations, such as energy companies, telecom providers and water boards. For many other sectors, the NIS had hardly any direct impact.

In practice, this approach proved too limited. Cyber attacks not only affected vital infrastructures, but also municipalities, healthcare institutions, suppliers and SMEs. That is why there was a review: NICHE 2.

What changes with NIS2?

The NIS2 directive significantly expands the obligations. Not only vital organizations, but also essential and important entities must demonstrate that they have their information security in good order. The most important differences at a glance:

‍

‍

NIS2 and ISO 27001: how do they relate to each other?

NIS2 and ISO 27001 have a lot in common. ISO 27001 provides a structured framework (SIMS) to implement and ensure NIS2's security measures. With a well-designed ISMS, you can therefore already meet a large part of the NIS2 obligations. It's not a one-to-one replacement, but it helps your organization demonstrably meet the requirements for risk management, documentation, and periodic reviews.

Many organizations therefore use ISO 27001 as a basis for their NIS2 implementation. From that basis, you can specifically add the specific requirements of the directive — for example on governance and chain management.

What does NIS2 mean for your organization?

There is a good chance that your organization falls under NIS2, even if that was not the case with the old NIS. Think about:

• Municipalities and government organizations
• ICT service providers
• Healthcare institutions (in addition to NO 7510)
• Vital or essential service providers
• SMEs that are part of a chain
  ‍

This is not only technical security important, but also policy, risk management and awareness within the organization. Directors also receive explicit responsibility. They must be able to demonstrate that they have taken measures and have knowledge of the risks.

Where do you start with NIS2?

The first step is insight. With a free NIS2 check you get clear where your organization is now and what steps are still needed towards compliance. From there, we guide organizations with the NIS2 implementation, carrying out internal audits and setting up processes that comply with the directive.

Do you want to look further? Then it's NIS2 Supply Chain Certificate (NIS2 SC) a valuable label that helps suppliers demonstrate that they meet the requirements that NIS2 organizations set for their partners.

‍

Demonstrated NIS2 compliance

The transition from NIS to NIS2 requires more than just technical measures. It's about demonstrable responsibility, risk management and cooperation throughout the chain. By starting now with a baseline measurement or NIS2 check, you will avoid having to act under time pressure in the future. And with the right guidance, you can ensure that your organization is not only compliant, but also really works more safely.

Schedule a free, no-obligation 45-minute consultation or start the free NIS2 check right away to find out where your organization stands.