
Everything you need to know about NIS2

Publish date: Jun. 13, 2024


What is NIS2?

NIS2 (Network and Information Systems Directive 2) is an updated EU law that aims to strengthen cybersecurity in critical sectors, such as energy, transport, healthcare, finance and digital infrastructure. The directive replaces the previous NIS directive and places higher demands on businesses and organizations to protect their networks and systems against cyberattacks. The aim of NIS2 is to improve coordination between EU countries and ensure that all Member States have a common standard of cybersecurity.

How does NIS2 affect your business?

If your company belongs to a critical sector in the EU, you need to prepare to meet NIS2 requirements. Here are some important things to consider:

  • Security measures: Companies must take technical and organizational measures to protect their systems against cyberattacks and ensure the continuity of their services.
  • Incident reporting: All security incidents must be reported to national authorities within 24 hours of detection.
  • Risk management: Organizations must conduct regular risk assessments and take measures to reduce the risks of cyberattacks.
  • Supplier verification: Companies must ensure that their suppliers and partners also comply with NIS2 requirements.

When will NIS2 enter into force in Sweden?

NIS2 will apply across the EU, including Sweden, in October 2024, by which time all companies covered by the Directive must have implemented the necessary security measures and systems to comply. To avoid sanctions and potential fines, it is important to start preparations well in advance.

  • 24 months after publication of the Directive: Security measures and incident reporting requirements apply.
  • 36 months after publication: Organizations must have completed full compliance with NIS2 rules.

Benefits of complying with NIS2

NIS2 not only poses challenges, but can also be a benefit for businesses. By complying with the Directive, businesses can strengthen their cybersecurity, increasing the trust of customers and partners. Companies that demonstrate that they are actively working to protect their systems can also gain a competitive advantage by offering secure and reliable services.

“Demonstrating that you take security seriously can be crucial when customers choose between different suppliers. Companies that are at the forefront of cybersecurity can capitalize on this to win new customers and business opportunities,” says Alexander Harvey Boström.

Which companies are covered by NIS2?

  • Energy: Electricity, gas, oil and district heating suppliers, and renewable energy operators.
  • Transportation: Air, rail, road, maritime transport and related services such as ports and airports.
  • Banking and financial markets: Banks and financial institutions, and financial market infrastructures.
  • Health: Hospitals, health care facilities, pharmaceutical companies and other health care providers.
  • Water supply: Operators that supply or treat drinking water and wastewater.
  • Digital infrastructure: Providers of cloud computing, data centers, internet switching and other digital services.
  • Public safety: Organizations dealing with public safety and disaster management.
  • Public administration: Authorities and organizations that deliver essential public services.

Summary and next steps

NIS2 is an important step to strengthen cybersecurity in the EU, especially for critical sectors. By following the new rules and preparing your organization, you can protect your systems and reduce the risk of cyberattacks. Need help understanding what NIS2 means for your business and how best to prepare? Contact us today – we’re here to guide you through the new requirements and make sure you’re ready for future threats.
