NIS2 mandates that companies in these sectors implement rigorous cybersecurity measures and report major cyber threats to relevant authorities. IT vendors, including cloud providers, search engines, and online retailers, are also expected to comply, given their importance in supply chains. Additionally, EU member states must establish a Computer Security Incident Response Team (CSIRT) and a national authority for network and information systems, if not already in place.
UK businesses that provide services to EU customers are also subject to NIS2 regulations, even if they do not have an establishment within the EU. Non-compliance can result in fines ranging from €7,000,000 (or 1.4% of global revenue) to €10,000,000 (or 2% of global revenue), whichever amount is higher.
Experts highlight that NIS2 applies to a broader range of organizations than its predecessor, NIS1, meaning many companies must now prioritize cybersecurity. Centralized visibility, integrated security platforms, and zero-trust access controls are critical to navigating the directive’s complex requirements, so that businesses protect their supply chains and meet their compliance obligations under NIS2.
The success of NIS2 will depend on consistent implementation across EU member states. While some countries have integrated the directive into their national laws, others lag behind. Cybersecurity experts warn that, although NIS2 will strengthen the EU’s cyber defense, adversaries will continue to exploit weaknesses.
Source: Computer Weekly
The European Cyber Intelligence Foundation is a nonprofit think tank specializing in intelligence and cybersecurity, offering consultancy services to government entities.