The EU Network & Information Security 2 Directive (NIS 2)
Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union (NIS 2) is the act:
- amending Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC;
- amending Directive (EU) 2018/1972 of the European Parliament and of the Council of 11 December 2018 establishing the European Electronic Communications Code (Recast);
- repealing Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (NIS 1).
Where does the EU Network & Information Security 2 Directive (NIS 2) apply?
The EU Network & Information Security 2 Directive (NIS 2) structure
🔖Chapter III: cooperation at Union and international level
🔖Chapter IV: cybersecurity risk-management measures and reporting obligations
🔖Chapter V: jurisdiction and registration
🔖Chapter VI: information sharing
🔖Chapter VII: supervision and enforcement
🔖Chapter VIII: delegated and implementing acts
🔖Annex II: other critical sectors
How can we manage compliance with all the requirements set by NIS 2? Our answer is a GRC (Governance, Risk and Compliance) approach: let's take a closer look in the section below.
How to apply the NIS 2 EU Directive?
We can choose a GRC approach to applying Directive (EU) 2022/2555, built on the main ISO standards that map onto the Directive's requirements.
Let's check them out:
✅ ISO/IEC 20000-1 on IT service management;
✅ ISO/IEC 27001 on information security management;
✅ ISO 22301 on business continuity management;
✅ ISO 31000 on risk management;
✅ ISO/IEC 27035 on information security incident management.
Our infographic on the NIS2 Directive application with our GRC approach (and the main ISO standards)