What is the NIS 2 Directive?
The new Network and Information Security Directive (NIS 2) is the EU’s updated legal framework aimed at improving cybersecurity in all Member States by establishing a high common level of security for network and information systems. It builds on the original NIS Directive to better address evolving cyber threats.
Adopting an “all-hazards” approach, the directive requires organizations to be prepared for a wide range of threats, from cyber-attacks to physical disruptions. This ensures comprehensive protection and operational resilience.
Key aspects of NIS 2 compliance
Accelerated reporting requirements
Timelines: Significant cyber incidents must be reported swiftly:
- Initial report: Within 24 hours of becoming aware of the incident.
- Confirmation report: Within 72 hours.
- Final report: No later than one month after the incident.
Reporting chains: National Computer Security Incident Response Teams (CSIRTs) must report incidents to the European CSIRT network. If multiple entities within a corporate group are affected, they can be mentioned collectively to avoid duplicate reporting.
Enhanced risk management
IT risk management: Implement robust processes to identify and mitigate IT-related risks.
Supply chain risk management: Assess and manage cybersecurity risks across all stakeholders, including suppliers and partners.
Incident response management: Establish comprehensive plans for incident response, business continuity, and disaster recovery.
Stricter sanctions and liability
Liability: NIS 2 introduces director-level accountability for non-compliance.
Penalties:
- Essential entities: Fines up to €10 million or 2% of the worldwide annual turnover, whichever is higher.
- Important entities: Fines up to €7 million or 1.4% of the worldwide annual turnover, whichever is higher.
Regulatory oversight: Authorities may conduct proactive or reactive inspections and may require submission of remediation plans for identified deficiencies.
Core elements of our solution for NIS 2
osapiens HUB for NIS 2 is designed to streamline compliance with the NIS 2 Directive, ensuring your organization meets these comprehensive cybersecurity standards efficiently and effectively. The NIS 2 features are embedded within the osapiens HUB for Due Diligence solution, enriching your standard compliance cycle. This integration ensures you meet all due diligence requirements in your supply chain across various risk dimensions.
Streamlined security and risk management in one platform
Efficiently managing NIS 2 compliance
Our platform enables you to efficiently manage the requirements of the NIS 2 Directive, covering Cyber Risk Management, Supply Chain Security, Business Continuity Management, and Incident Response & Notification. With all these essential functions unified in a single system, you can simplify compliance, reduce operational complexity, and maintain full control over your security processes.
Instantly identify and mitigate cyber risks
Enhancing compliance with integrated supplier data
By leveraging integrated supplier data, our platform allows you to instantly capture and assess cyber risks, providing deeper insights for comprehensive compliance. This approach adds new dimensions to risk management, ensuring you meet regulatory requirements efficiently and proactively.
osapiens HUB for Due Diligence
Meet all due diligence obligations along your supply chain
Strengthen your supply chain security by ensuring your suppliers and partners comply with cybersecurity standards. With osapiens HUB for Due Diligence, effortlessly manage all due diligence requirements, including compliance with the EU Supply Chain Act (CSDDD), in a legally compliant, automated, and efficient manner.
Complying with osapiens HUB for NIS 2
Transparent logistics, automated legal obligations and an all-in-one solution for all affected parties to reduce complexity