Understanding What's New in the NIS2

The Network and Information Security (NIS) Directive, created in 2016, was the first EU-wide cybersecurity law. Its objective was to achieve a higher and more uniform level of security for network and information systems throughout the EU (European Union).

Given the considerable acceleration in digital transformation and evolution of threat vectors since then, the Directive was refreshed. NIS2 was formally adopted in November 2022 and entered into force in January 2023. NIS2 repeals and replaces the former version of the Directive. It represents a constructive step forward in defining the requirements for EU organizations to enhance their cyber-resilience over the coming years. NIS2 also clearly details reporting rules and the repercussions for ignoring them.

Read on to discover what's required by the NIS2 framework, and how BeyondTrust Privileged Access Management (PAM) solutions can help you address the following key sections of the NIS2 Directive.

Key NIS2 changes explained in this guide include:

  • New industry sector requirements.
  • New incident response and crisis management reporting requirements.
  • Enhanced security requirements and controls.
  • Supply chain security expansion to include service providers and subcontractors.
  • Incorporating basic IT hygiene best practices and cybersecurity training.
Prefers reduced motion setting detected. Animations will now be reduced as a result.