Updated European data security law NIS2

The new European data security law NIS2 will impact many companies as significantly as GDPR and, for some, as much as Y2K, with the risk of substantial fines (1.4% of the company’s global turnover or a maximum of 7 MEUR).

The new data security law (NIS2) will be mandatory from October 2024 and will in practice apply to ALL companies with more than 250 employees, not just those previously considered essential services. It will also cover a long list of other organizations, including research institutions, governmental bodies, regions, and likely all municipalities.

Unlike other quality frameworks that often served as mere “paper products” and certificates on the wall, NIS2 is a stringent directive that requires documented plans and activities and imposes strict requirements.

According to NIS2, companies must:

  • Ensure minimum requirements for security measures, training, and documentation.
  • Establish a documented risk process.
  • Report incidents.
  • Take responsibility for their suppliers.

We strongly recommend that all companies start planning (and budgeting) for their NIS2 project for 2024. Ratatoskr can assist you with training, analysis, planning, and project management for your security efforts.

Learn more about the European Parliament and Council Directive on measures to achieve a high common level of cybersecurity across the Union here: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32022L0333
