NIS2 Directive:
Transparency, Expertise, and Support from VELEVO®
Our mission is to make the topic as transparent as possible for you. That’s why we have created a comprehensive blog series on the NIS2 Directive that covers all relevant aspects. Here, you will find answers to the most important questions, practical insights, and concrete recommendations for action. Everything is clearly and understandably formulated, without unnecessary jargon.

Transparency builds trust.
Individual solutions.
Expertise and practical relevance.
Long-term partnership.
We make compliance easy for you. Simply contact our experts.

NIS2 – Frequently Asked Questions (FAQ)
We have compiled the most important questions about the NIS2 Directive for you, based on the official EU requirements and the experiences of our customers.
1. Why did the Commission propose a new NIS Directive?
The NIS Directive was the first EU-wide cybersecurity law aimed at improving the resilience of network and information systems in the EU. Despite some successes, certain limitations became apparent. The digital transformation, accelerated by the COVID-19 crisis, has expanded the threat landscape. New challenges require adapted and innovative solutions.
The Commission conducted an extensive stakeholder consultation and identified the following main issues:
- Insufficient cyber resilience of businesses in the EU
- Inconsistent resilience across Member States and sectors
- Lack of a common understanding of major threats
- Absence of a joint crisis response
In response, the Commission proposed revised rules in December 2020 to strengthen cyber resilience in the EU. These were politically agreed upon in May 2022 and formally adopted in November 2022.
2. How has the COVID-19 crisis influenced the new Directive?
The pandemic has increased the European economy’s reliance on digital solutions. Sectors and services have become more interconnected, expanding the threat landscape. The crisis highlighted existing weaknesses in the NIS Directive and acted as a catalyst for its revision. A concrete outcome was the expansion of its scope, particularly in the health sector.
3. What elements of the previous NIS Directive does NIS2 build on?
The NIS2 Directive builds on three pillars of the NIS1 Directive:
- National Cybersecurity Strategies: Member States must develop national strategies and designate Computer Security Incident Response Teams (CSIRTs).
- Cooperation Groups: Collaboration between Member States is strengthened through the NIS Cooperation Group and the CSIRTs Network.
- Sector Coverage: The NIS1 Directive covers seven critical sectors, including energy, transport, and health.
The NIS2 Directive expands the scope and introduces a size threshold to determine which companies must report incidents.
4. What are the key elements of the NIS2 Directive?
The NIS2 Directive aims to address the shortcomings of the previous rules and make them future-proof. It expands the scope, streamlines security and reporting obligations, and strengthens supervisory and enforcement measures. It also promotes cooperation between Member States and establishes the EU-CyCLONe network for managing large-scale cybersecurity incidents.
5. Which sectors and entities are covered by the NIS2 Directive?
The NIS2 Directive covers a wide range of sectors, including energy, transport, health, digital infrastructure, and public administration. It distinguishes between “essential” and “important” entities, which are subject to different supervisory regimes.
6. How are security requirements and incident reporting obligations strengthened?
The NIS2 Directive introduces a list of 10 key elements that companies must implement in their cybersecurity measures. Reporting obligations have been streamlined, requiring companies to issue an initial warning within 24 hours and a detailed report within 72 hours.
7. How will the new rules be supervised and enforced?
The NIS2 Directive introduces stricter supervisory and enforcement measures, including regular audits and penalties for non-compliance. The level of fines depends on the significance of the entity involved.
8. How does the NIS2 Directive improve crisis management?
The Directive establishes clear responsibilities, national crisis plans, and the EU-CyCLONe network to coordinate the management of large-scale cybersecurity incidents.
9. Which Member State has jurisdiction over entities covered by NIS2?
Generally, companies fall under the jurisdiction of the Member State where they are based. Exceptions apply to certain service providers, such as cloud providers or online marketplaces, which are subject to the jurisdiction of the Member State where they have their main establishment.
10. How is cooperation improved?
The NIS2 Directive promotes cooperation between Member States through joint supervisory measures, information sharing, and coordinated vulnerability disclosures.
11. How does the NIS2 Directive interact with other EU policies?
The NIS2 Directive is closely linked to the Critical Entities Resilience (CER) Directive and the Digital Operational Resilience Act (DORA). It ensures comprehensive coverage of both physical and cyber-related risks.
12. What are the next steps?
Member States have until October 17, 2024, to transpose the Directive. The Commission will periodically review its functioning and submit its first report by October 17, 2027.
13. How does VELEVO® support implementation?
We offer tailored solutions. From risk analysis to the implementation of security measures and employee training, we are here to assist you every step of the way.
Everything About the NIS2 Directive – Compact and Easy to Understand
In our NIS2 blog category, you will find all articles about the directive.
We continuously expand it to keep you always up to date.
NIS 2 and Data Protection: How Does the GDPR Fit In?
The NIS 2 Directive (Network and Information Security Directive) and the General Data Protection Regulation (GDPR) are two central pillars of digital legislation in the European Union. Both aim to ensure the security and protection of personal data but with different...
NIS 2: Compliance and the Risks of Non-Compliance
With the growing threat of cyberattacks and the increasing risks to critical infrastructure, the European Union (EU) introduced the NIS 2 Directive (Network and Information Security Directive). This directive, a significant update to the original NIS Directive of...
The Impact of NIS 2 on Corporate IT Security Budgets
With the introduction of the NIS 2 Directive by the European Union, companies face new challenges, particularly regarding their IT security budgets. The directive imposes stricter cybersecurity requirements, forcing companies to significantly increase their IT...
Get Ready!
Do you have further questions or need support?
Our VELEVO® team is happy to assist you. Contact us to learn more about our services for the NIS2 Directive or to schedule an individual consultation.
VELEVO® is more than an IT service provider. We are your strong partner for digital sovereignty. With our expertise and transparent communication, we make complex topics like the NIS2 Directive tangible and support you in strengthening your IT security sustainably.