Your support for your NIS 2 journey
We help you comply with the new European CyberSecurity legislation
What is the NIS 2 Directive?
The NIS 2 Directive, also known as the Network and Information Security Directive, is a significant piece of legislation aimed at improving cyber security and protecting critical infrastructure across the European Union (EU). It builds upon the previous NIS Directive, addressing its shortcomings and expanding its scope to enhance security requirements, reporting obligations, and crisis management capabilities. Compliance with the NIS 2 Directive is crucial for businesses operating in the EU to safeguard their systems, mitigate cyber threats, and ensure resilience.
The European Commission has published on 16 January 2023 the final text of the NIS 2 Directive - high common level of cybersecurity across the Union, which means that by 17 October 2024 Luxembourg and other member states, must adopt and publish a national legislation incorporating the provisions of the NIS 2.
Telindus help you to comply with the new European CyberSecurity legislation.
Telindus is one of the leaders in converged ICT and Telecom services in Luxembourg and provides global solutions to all businesses and public administrations. Its areas of expertise include Telcommunication services, ICT infrastructure, Multi-Cloud, Digital Trust Solutions, Cybersecurity, Business Applications, and Managed Services.
What business sectors are concerned?
Initially, the NIS 1 Directive governed 19 sectors. With this new version, it now covers 35 sectors. The 19 sectors covered by NIS 1 include: energy, transportation, banking, financial market infrastructures, health, drinking water, waste water, digital infrastructure, digital service management, public administrations, and the space sector.
In addition, NIS 2 expands its scope to the following sectors: postal and shipping services, waste management, chemicals, food, manufacturing, digital service provider sand research. Financial sector will be also under Digital Operational Resilience Act (DORA).
The last factors to define your entity as part or not to this Directive are the count of employees and the annual turnover.
All these criteria define above get an impact of the type of entity you’re are; Essential or Important.
What are the risks for entities?
With the NIS 2 Directive, the sanction regime is strengthened. An organization that fails to implement appropriate risk management measures or fails to promptly notify a security incident for example, risks a fine proportionate to its turnover and level of criticality. Companies may thus be subject to fines of 7 Mo€ or 1.4% of their worldwide turnover for Important Entities and 10 Mo€ or to 2% of their worldwide turnover for Important Entities (whichever one is larger).
In addition, European Union member states have the authority to require entities to undergo audits or inspections. If necessary, they can issue warnings and instructions.
The first step of the NIS 2 journey is to have a view on the current situation and the goal to reach. Based on the expertise and the experience of our Cybersecurity and GRC consultancy, Telindus will manage the assessment talking into count the context and your business in order to give you a view on the effort to be NIS 2 compliance.
One of the most important criteria of the law is to know and handle your information system risks. The risk analysis and the follow up will give you the essential visibility of your threats and how to handle them. Telindus is performing this kind of analysis and follow-up pursuant to the ISO 27005.
Depending of the NIS 2 article 21, Telindus is able to provide you with advices, solutions and services always linked to your current IT situation and business context. From the implementation to an Information Security Management System, to the installation of Multi Factor Authentication solution, Telindus is able to support you on all security and Cybersecurity improvement.
NIS 2 obligations and requirement do impact several part of you information system. Depending your IT model (public / private hosting, on premises), Telindus as ICT and telecom provider is able to cover other topics than Cybersecurity. Business Continuity, Communication services, Telecom and Infrastructure are some exemple of NIS 2 impacts to handle.
