NIS2 and its global ramifications


The Network and Information Systems Directive (NIS2), due to come into effect in October 2024, seeks to improve cyber resilience in the European Union (EU). Its effects are likely to be wider reaching, though, bringing in more stringent processes and controls and redefining how we provision services to organizations that are deemed nation-critical.

The mandatory directive will have teeth, with strict penalties for non-compliance for both the business and senior board personnel, who can be held directly accountable and prevented from holding similar positions in the future. It also aims to increase intelligence sharing between member states and enhance supply chain security. This latter measure will see the directive have a global impact.

NIS2 is much wider in scope than its predecessor: all businesses – including small and micro businesses – that are deemed to have an important or essential role in a member state are now covered. Yet those outside of its jurisdiction may find themselves required to comply by association, including those outside the EU that are supplying services to the EU.

Suppliers will get sucked in

Under Article 21, organizations must put…
