Skip to content
ST GROUP : : Security Trust - ST Control - WHY Security - Logica PRO

Cybersecurity: What changes with NIS2?

  • News

NIS2, namely the Network and Information Systems Directive 2, is the new European Union directive that has the goal to strengthen cybersecurity at the community level. It introduces stricter measures and a structured regulatory framework to protect essential networks and information systems, addressing the growing cyber threats in an increasingly digital environment. NIS2 is a revision of the previous NIS (Network and Information Systems Directive), which already included cybersecurity measures but needed updating in response to the evolution of technologies and threats.

The NIS2 directive officially came into effect on October 16, 2024, with an implementation period divided into three phases. The first phase involved the transposition of the regulation. The second phase, from October 2024 to April 2025, is the most crucial, as it focuses on the implementation of specific security measures. The third phase, starting in mid-April 2025 and continuing until mid-April 2026, will complete the implementation of the regulations across all sectors.

NIS2 introduces new measures, including the identification of at-risk entities, risk assessment, the adoption of security measures, and collaboration between national authorities. A central aspect of the directive is the creation of a National Cybersecurity Strategy, which establishes objectives and priorities for the country’s cybersecurity. Additionally, the National Cybersecurity Agency (ACN) is confirmed as the competent national authority, with the power to implement and oversee the application of the regulation.

NIS2 defines two categories of entities that must comply with cybersecurity regulations: essential entities (EE) and important entities (IE). These entities are primarily companies operating in critical sectors for the economy and society, which have a significant impact on the security and continuity of services. These entities will be required to implement specific protection measures to reduce the risks associated with potential cyberattacks.

The ACN will be responsible for managing the implementation process of NIS2, supported by other NIS sector authorities, which will collaborate with it to ensure a safe and cohesive protection system. Specifically, companies will have to use the ACN platform to conduct self-evaluations of the security of their systems and adopt the necessary protection measures to ensure the continuity and security of their operations and not to face penalties.

To face the changes imposed by NIS2, our team of cybersecurity experts is available for consultations and to guide companies through the process of adapting to the new European directives, ensuring compliance with NIS2.

Are you unsure whether your company falls under the NIS2 directive or are you looking for clear guidance on the steps to take to achieve full compliance?

 

Back To Top