The NIS2 Directive - Who, what and when? - Peak Consulting Group A/S - UK


5 things you need to know about NIS2, before you go on vacation  

Shed some light on NIS2 and how it impacts your organization with 5 facts about the NIS2 directive. 

You know the feeling. Summer just began and you are off on vacation. Everything is peaceful and while you are relaxing by the pool with a good crime-novel, a thought hits you – what was it they said about NIS2? Is any of it relevant to me and when will it become relevant?  

The short answers to your questions are Yes and Right Now! 

Let us get a few facts straight about NIS2 

NIS2 is an expansion and refinement of the existing network and information security directive (NIS1), which became effective on 18 May 2018. It is an EU directive whose purpose is to heighten the cyber-security of businesses and public authorities. It achieves this through risk-based precautions such as prevention and handling of security events, security in data storage and data processing, as well as plans for what to do when hit by a cyber-attack. 

NIS2 should very much be understood in light of the cyber-threat becoming larger and more complex. NIS1 is therefore out of the game, as the directive contained many exceptions, was limited to only a few sectors, and lacked tools for authority supervision and reporting obligations. 

NIS2 places the responsibility with the management  

NIS2 has brought with it a large focus on the management’s responsibility to implement and educate employees about following the directive. Affected businesses and authorities have a reporting obligation to both responsible authorities and customers.  

If NIS2 is not adhered to, fines as high as 10 million euros or 2% of the business's revenue may be issued. In extreme cases, the responsible authority has the ability to completely stop the business's activities. There is also increased supervision of the affected businesses and authorities. 

Will your business or authority be affected?  

A far larger number of sectors and fields will be affected by NIS2. A distinction is made between Critical units and Important units, and NIS2 includes businesses and authorities with more than 50 employees or a revenue of more than 10 million euros. But note that smaller businesses may also be affected.  

| Critical units | Important units |
| --- | --- |
| Energy | Post and courier services |
| Transport | Waste management |
| The banking system and financial infrastructure | Manufacturing and distribution of chemicals |
| Drinking water and wastewater | Manufacturing of medical equipment, computer, electronics etc. |
| Digital infrastructure | Food production |
| Public administration | Digital providers, including online marketplaces, search engines and social media services |
| Health | |

NIS2 is a so-called minimum directive, which means that the individual nation-state can make greater demands of sectors' participation. In the case of Denmark, it has already been decided that the regions will be involved, while it has not yet been decided whether entire or selected areas of the municipalities' administration will be affected.  

When do you have to comply with NIS2?  

NIS2 will be enacted shortly. Then, the law will be released to the public, and 20 days following the publication, the legislation will be put into effect. EU-member countries, however, have 21 months to create their own, national legislation, whereafter it will become effective in Denmark and the rest of the EU. 

Do not tell yourself that 21 months is a long time. Remember that cybercriminals do not wait for legislation, and there is a big task ahead of you. 

What do you need to do? 

You should already be looking into whether you will be affected by NIS2. If the answer is Yes, you should, as soon as possible, start analysing what is required to adhere to the directive.  

It can wait until after your vacation, but the pool and the crime-novel are just so much better – when you know if you should read up on NIS2.  

Thomas Mørk Glintborg

Management Consultant
