
NIS2 Directive
New Cybersecurity Requirements
for Companies in the EU

The NIS2 Directive (Network and Information Security Directive 2) is the new, expanded EU directive on cybersecurity. It comes into effect on October 17, 2024, and requires companies from various critical and important sectors to significantly enhance their IT security measures.


The goal of NIS2 is to better protect companies against cyberattacks, data loss, and IT outages, while establishing unified cybersecurity standards across the EU.

With a structured Information Security Management System (ISMS) based on ISO 27001, companies can efficiently meet NIS2 requirements and ensure compliance.

What is the NIS2 Directive?

The NIS2 Directive is a tightening and extension of the existing NIS
Directive. It sets binding minimum standards for IT security and
introduces stricter reporting requirements for IT security incidents.


The most important innovations of NIS2 are:

  • Extended scope – More companies from critical and
    important sectors are subject to the directive.

  • Higher security requirements – Companies must
    implement a risk management framework for IT security.

  • Stricter reporting requirements – IT security incidents must be
    reported within 24 hours.

  • Responsibility of management – The management is liable for
    violations of NIS2 requirements.

  • High fines for non-compliance – Penalties can be up to 10 million
    euros or 2 percent of annual turnover.


These measures are intended to improve IT security across the EU and
to create a uniform regulation for cybersecurity.

Which companies are affected by NIS2?

The NIS2 Directive applies to companies with more than 50 employees or an annual turnover of more than €10 million and divides them into two categories:

1. Critical infrastructure
(Essential Entities)

These companies are subject to particularly strict security requirements:

  • Energy suppliers and operators of critical infrastructure

  • Water and wastewater companies

  • Telecommunications and internet providers

  • Banks and financial service providers

  • Healthcare and pharmaceutical companies

  • Transport and logistics

  • Public administration and government organizations

2. Compliance with Legal Requirements
(Important Entities)

These companies must also comply with NIS2 requirements but are subject to somewhat lower penalties:

  • IT service providers and cloud providers

  • Food production and trade

  • Chemical industry and manufacturing companies

  • Providers of digital services and data centers

  • Research institutions and universities

The most important NIS2 requirements at a glance

An ISMS according to ISO 27001 defines clear processes and technical measures, guided by continuous improvement. This structured approach enables companies to efficiently achieve ISO 27001 certification and secure it long-term.

01

Implementation of IT risk management

Companies need to establish a comprehensive cybersecurity risk management framework:

  • Introduction of an ISMS according to ISO 27001

  • Regular risk analyses and internal audits

  • Strict security measures for networks, systems and data

  • Management responsibility for cybersecurity

02

Obligation to report IT security incidents

Companies must implement a strict incident response strategy:

  • First report within 24 hours after an
    IT security incident

  • Detailed report to the relevant authorities within 72 hours

  • Final report with lessons learned within one month

  • Development of an emergency plan for cyber attacks

03

Regular IT security tests and penetration tests

Companies must regularly check the effectiveness of their security
measures:

  • Annual vulnerability scans and security assessments

  • Threat-based penetration tests at least every three years

  • Use of independent auditors to validate security measures

  • Checking third-party providers for security standards

04

Secure management of third-party IT providers

Since many companies use external IT service providers, they must implement third-party risk management according to NIS2.

  • Review of the security standards of external IT service providers

  • Establishment of a vendor risk management framework

  • Regular audits and risk analyses of suppliers

  • Avoiding dependencies through multi-vendor strategies

How does 3einhalb GmbH support companies in implementing NIS2?

Many companies face the challenge of implementing the new NIS2 requirements on time. With our ready-to-use ISMS, we offer an efficient and structured solution for compliance with the new cybersecurity regulations.

NIS2 Compliance:
Fast, Pragmatic, Cost-Efficient

Our solution is specifically designed for companies looking for a NIS2 solution that is fast, pragmatic and affordable.

Our solutions for NIS2 compliance

  • Predefined ISMS structures for rapid implementation

  • Automated risk analyses according to ISO 27001 and NIS2

  • Complete documentation of all security measures

  • Support with internal audits and certifications

Why 3einhalb GmbH?

  • Experience with the implementation of ISMS and IT security solutions

  • Consulting by experts for NIS2, ISO 27001 and IT risk management

  • Easy integration of our ISMS into existing IT structures

  • Transparent and cost-effective solutions for companies of all sizes

Ensure NIS2 Compliance Now

  • The deadline for implementing NIS2 is approaching. Companies that fail to act in time risk heavy fines and significant operational risks.

  • We help you implement the requirements of NIS2 efficiently and securely.

  • Arrange a non-binding consultation now.
