A Look at NIS2: What Companies Need to Know
Pieter van Gelooven 09/01/2024

The digital world is under increasing pressure due to a growing number of cyberattacks in Europe, from phishing to ransomware. Cybersecurity is no longer just an option but a necessary requirement, both personally and professionally.

To address these threats, the European Parliament has adopted the revised Network and Information Systems Directive (NIS2). This directive expands the EU framework for cybersecurity and is a crucial part of the broader EU cybersecurity strategy.

What does NIS2 include?
NIS2 builds on NIS1 by expanding the number of companies classified as 'essential' to around 160,000 organizations across Europe, including medium and large companies in specific sectors. Some key aspects include:

Expanded Scope: NIS2 covers more sectors and revises the classification of companies. It provides member states with the flexibility to identify small high-risk businesses.

Increased Security Requirements: The directive requires a risk management approach and outlines essential cybersecurity measures for all involved organizations.

Enhanced Oversight and Sanctions: There are stricter monitoring measures for national authorities and harmonized sanction regimes across the member states.

What cybersecurity measures should be taken?

  • Risk Assessment: Identify potential threats and vulnerabilities in your network and information systems.
  • Security Policies and Procedures: Establish a clear policy for information security and implement procedures for risk management, access control, and incident response.
  • Security Measures: Implement technical measures such as firewalls, antivirus software, encryption, and strong authentication to protect your systems.
  • Incident Response Plan: Develop a plan to respond quickly to security incidents, including reporting incidents to the relevant authorities.
  • Monitoring and Detection: Use systems to monitor and detect suspicious activities, allowing for rapid intervention in potential threats.
  • Training and Awareness: Provide staff training to raise awareness of security risks and how to act in suspicious situations.

Which sectors should pay attention to NIS2?

Essential sectors

Enterprises with at least 250 employees or an annual turnover of at least 50 million euros, active in the following critical sectors:

  • Energy
  • Transport
  • Banking
  • Financial market infrastructure
  • Health
  • Drinking water
  • Wastewater
  • Digital infrastructure
  • ICT services management
  • Public administration

Important sectors

Enterprises with 50 to 250 employees or an annual turnover of 10 to 50 million euros. Also, enterprises with at least 50 employees that perform activities in the following sectors:

  • Postal and courier services
  • Waste management
  • Manufacturing and distribution of chemicals
  • Manufacturing, processing, and distribution of food
  • Manufacturing of medical and diagnostic devices
  • Digital providers
  • Research

What penalties can be imposed for non-compliance?

NIS2 introduces stricter penalties for non-compliance, including fines up to 10% of an entity's annual turnover.

For companies active in essential sectors: administrative fines up to €10,000,000 or at least 2% of the total annual global turnover in the previous financial year of the company to which the essential entity belongs, whichever is higher.

For companies active in important sectors: administrative fines up to €7,000,000 or at least 1.4% of the total annual global turnover in the previous financial year of the company to which the important entity belongs, whichever is higher.

How do we help our customers?

ABC-Groep supports companies in complying with NIS2. From risk assessment to the implementation of security measures, we provide expert advice and tailored solutions. With our guidance, companies ensure compliance and minimize the risk of fines and reputational damage.

NIS2 is essential for protecting European organizations against advanced cyber threats. ABC-Groep is ready to guide companies in meeting the requirements of this directive. By working together towards strict compliance, we build a secure digital future for our customers.