NIS2
Our services
What is NIS2?
The NIS2 Directive (Network and Information Security 2) represents a major update to the European Union's cybersecurity regulatory framework. It expands the scope of the original NIS Directive, encompassing a wider range of sectors and introducing stricter requirements for risk management, incident reporting, and the implementation of security measures.
The Importance of NIS2 Compliance
Integrating cybersecurity into your company's strategy and daily operations is now essential. Operating securely is not merely about regulatory compliance—business partners, customers, suppliers, and employees expect companies to provide the highest level of protection to safeguard their data and systems.
In today’s increasingly complex digital landscape, the European Union seeks to equip businesses to better respond to cyber threats and strengthen the resilience of Europe’s entire digital infrastructure. The NIS2 Directive plays a key role in this effort, imposing progressively stricter requirements to ensure that all organizations can effectively manage the risks to their networks and information systems, thereby ensuring continued secure operations.
Our NIS2 Services
-
Compliance Assessment - GAP Analysis
The first step is a comprehensive assessment of your company's current security and risk management processes. We identify critical points and areas where changes are needed to achieve NIS2 compliance.
-
Detailed Risk Analysis
The NIS2 regulation adopts a risk-based approach, which we will help you implement in your company. We identify potential threats that could compromise the organisation's information systems and develop a risk management strategy.
-
Design and Implementation of Security Measures
We provide expert guidance in designing and implementing both technical and organizational measures that meet the requirements of the NIS2 Directive. This may involve upgrading network infrastructure, revising incident management protocols, or enhancing data protection mechanisms.
-
Establishment of Incident Handling Processes
We help establish an effective incident management system that enables rapid and efficient responses to cyber-attacks. Prompt incident reporting is a key regulatory requirement, and we assist your organization in meeting NIS2’s reporting obligations.
-
Security Awareness Training
Recognizing that human error is often the weakest link in cybersecurity, we ensure your employees receive regular training and stay up-to-date on the latest threats and security protocols through tailored awareness programs.
Who Must Prepare for NIS2?
The NIS2 Directive applies to a wide range of sectors, including:
- Energy
- Transport
- Healthcare
- Drinking water, waste water
- Telecommunications service
- Digital infrastructure
- ICT service management (business-to-business)
- Space
- Postal and courier services
- Production, processing and distribution of food
- Waste management
- Manufacture, production and distribution of chemicals
- Manufacturing
- Digital providers
- Research
- Providers of electronic communications services
- Trust service providers
- DNS service provider
- Top-level domain name registries
- Top-level domain name registries
- Domain name registration service provider
Key Deadlines for NIS2 Compliance
The following key deadlines and tasks apply to the organisations concerned to comply with the NIS2 Directive.
Meeting these deadlines is crucial to ensuring compliance with the NIS2 Directive, so it is essential for organizations to prepare in advance.
Organisations shall apply the specific protection measures set out in Article 20 (3) of Act XXIII of 2023 on Cyber Security Certification and Cyber Security Supervision (Cyber Security Act) on the requirements for classification into security classes according to the corresponding security class and on the specific protection measures applicable to each security class in Decree 7/2024 (VI. 24.) MK of 24 June 2024.
A contract for the first cybersecurity audit should be concluded with the auditor.
According to the Cybersecurity Act and the related implementing regulations, organisations must implement the measures related to the audit and successfully complete the compliance audit. The audit is repeated every two years.
