The EU’s NIS2 Directive is a broad regulation on cyber security, with stringent requirements and hefty fines for non-compliance
Companies in Africa that do business with European Union (EU) member countries must comply with the recently enforced NIS2 Directive cyber security regulation or face potential fines of up to €10 million or 2% of their global annual turnover, whichever is higher.
NIS2 Directive, which builds upon the original Network and Information Security Directive introduced in 2016, imposes strict cyber security requirements, including enhanced management liability, reporting to authorities, risk management, and business continuity planning. While it came into force in January 2023, EU member states had until 17 October 2024 to transpose it into national law.
Ahmore Burger-Smidt, director, head of regulatory practice, and director at Werksmans Advisory Service, says the NIS2 Directive focuses on operational resilience and cybersecurity, addressing network and information system security, while GDPR primarily protects individuals’ privacy.
NIS2 is detailed and prescriptive, imposing specific cybersecurity measures like risk management and incident reporting, he…
