NIS2 stands for ‘Network and Information Security Directive 2’ and represents a further development of the European Network and Information Security Directive NIS1, which came into force in 2016. Its aim is to strengthen the resilience of EU member states against cyber threats.
Previously, the focus was particularly on large corporations and companies from the KRITIS sector (critical infrastructures). In NIS2, both the selection criteria and the measures were expanded, thus significantly widening the group of companies concerned. By October 2024, all EU member states must have implemented the requirements in national law, although experts consider the beginning of 2025 to be realistic for the finalization and entry into force of the NIS2UmsuCG in Germany.
Here you can find the official publication of the NIS2 Directive (officially: Directive (EU) 2022/2555) by EUR-Lex, the online gateway to EU Law: NIS Directive
With Steffen Zimmermann from the association of Germany’s engineering industry (VDMA), we explain what the new directive is all about and go into more detail on the following questions:
Steffen Zimmermann knows exactly what he is talking about. As Head of Industrial Security at the VDMA, based in Frankfurt, he has been responsible for security issues such as information security, OT security and product security within the association for many years.
Sebastian Pfaller is Head of Product Management at ondeso. As such, he is in constant exchange with our customers regarding the latest requirements for our products and services. He is also a regular member of the VDMA Industrial Security working group.
Here you can find the recording (German only):
The new EU directive NIS2 – what exactly is it about? As an extension of the original NIS directive, NIS2 provides a framework that defines authoritative rules for the countries of the EU. Its purpose is to bring the often widely divergent rules of the individual countries to a common standard and to ensure more security, especially for critical infrastructures.
Important, system-relevant companies such as waterworks, as well as their suppliers or service providers, are regarded as critical infrastructures. The new regulation now covers them.
In general, NIS2 affects both the IT and OT areas. A detailed list of all assets is therefore important for proper risk management. A system-relevant company must be able to continue production even in an exceptional situation. All technical systems must be considered, with the aim that they function reliably over the long term and survive cyberattacks with little to no effect.
Furthermore, the question arises of how far compliance with the NIS2 requirements must be reviewed. The fact is that this must happen regularly, without losing focus: even if the company is constantly checked for compliance (adherence to regulations), the actual goal must not be neglected, which is secure, reliable operation.
If you want to learn more about what the new EU directive will mean for you and your company, don’t hesitate to contact us!
With ondeso SR you are able to capture and manage OT clients from different manufacturers.