NIS2 – The New EU Cybersecurity Directive

NIS2 (Directive (EU) 2022/2555) is a European Union directive aimed at raising the resilience of institutions and companies against cyber risks. In the Czech Republic it is being transposed through a new Cybersecurity Act, which significantly expands both the number of regulated entities and the scope of their obligations.

How Can We Help You with NIS2?

We offer:

Initial Technical and Organizational Consultation

We begin by reviewing your current IT environment together.
We conduct a gap analysis to identify security requirements in line with the NIS2 Directive.


Information Security Analysis

We perform a detailed assessment of your existing organizational security measures and identify vulnerabilities.
The resulting report prioritizes objectives for improving your organization’s cybersecurity and defines both short-term and long-term goals.


Solution Design

We design a comprehensive security solution, including a time and budget outlook of up to five years: a long-term, structured approach to managing your corporate IT rather than a one-off project.


Implementation and Outsourcing

We provide full implementation of the proposed solution and offer the option to outsource security and IT services.
We can also supply key roles such as Cybersecurity Architect, Auditor, and Cybersecurity Manager.

How Do I Know if NIS2 Applies to Us?

The number of obligated entities is expanding (estimates indicate at least 6,000 private and public organizations). This expansion is driven by:

  • the inclusion of additional regulated sectors,
  • the extension of existing regulated sectors to cover new regulated services, and
  • changes in the method used to identify obligated entities.

The NIS2 Directive was to be transposed into national legislation by 17 October 2024. Affected organizations should not wait for the national act to take effect before preparing for compliance.

We recommend starting with defining the scope of cybersecurity within your organization and conducting an assessment of your current state.

Do you have any questions? Contact us.


Among the most significant changes directly affecting regulated organizations are:

  • Expansion of obligated entities (estimates indicate at least 6,000 private and public organizations), driven by the inclusion of additional regulated sectors (e.g., the waste management sector), the extension of existing regulated sectors to cover new regulated services (e.g., expanding the current digital infrastructure sector to include cloud computing services or providers of electronic communications networks and services), as well as changes in the method for identifying obligated entities (where the primary criterion for inclusion will be the size of the organization);
  • Mandatory training for senior management and increased accountability of leadership for ensuring cybersecurity within the organization;
  • Voluntary reporting of relevant incidents, events, threats, and vulnerabilities (alongside the mandatory notification of significant incidents, which the Directive staggers into an early warning within 24 hours, an incident notification within 72 hours, and a final report within one month of that notification);
  • More detailed requirements for the management of top-level internet domain registries and the activities of registrars;
  • Greater emphasis on information sharing among obligated organizations;
  • Enhanced cooperation between the regulator and obligated organizations;
  • Significant increase in fines for non-compliance with imposed obligations (for essential entities, penalties of up to EUR 10 million or 2% of the company’s total worldwide annual turnover, whichever is higher; for important entities, up to EUR 7 million or 1.4%).

New elements in NIS2 that are already reflected in Czech legislation
(and which therefore will not change the substance of the regulation dramatically):

  • Expanded powers of supervisory authorities, such as issuing warnings, imposing corrective measures, conducting audits and inspections, and requesting information;
  • Higher requirements for CERT teams (referred to as CSIRTs in the Directive) and broader powers for these teams, including monitoring threats, vulnerabilities, and incidents; issuing warnings and alerts; responding to incidents; performing forensic analysis of collected data; and actively scanning networks and systems;
  • Specification of security measures that obligated entities will be required to implement (the risk management framework and ISMS-based approach will be maintained);
  • Streamlining the reporting of cybersecurity incidents (the CERT team is expected to provide adequate cooperation in managing and resolving incidents and to work closely with the affected entity).


Who Does the NIS2 Directive Apply To?

The Directive applies to organizations that:

  • Provide at least one service listed in the annexes to the Directive; and
  • Qualify as a medium-sized or large enterprise under the EU SME definition, meaning they employ 50 or more persons, or exceed EUR 10 million (approximately CZK 250 million) in both annual turnover and annual balance sheet total.

Note that the Directive also covers certain entities regardless of their size, for example providers of public electronic communications networks, top-level domain name registries, DNS service providers, trust service providers, and entities that are the sole provider of a service essential to society in a Member State, so a small organization may still be in scope.

Other services

Penetration testing

SIEM Security Information and Event management

SOC Security Operations Center

Cybersecurity training

We will solve your IT challenges; don’t hesitate to contact us

Schedule a consultation with us for your ICT projects.


NIS2 EN – COM PLUS CZ a.s.