
Protect & Comply: Your Guide to NIS2

With new rules and tougher standards, the EU’s NIS2 Directive is here to boost protection for essential systems across Europe. Here’s a quick look at what the NIS2 Directive means and how ASEE can help you reach compliance.

Ready For NIS2?

What is the NIS2 Directive?

The NIS2 Directive is the European Union’s revised cybersecurity legislation, expanding on the original NIS Directive. It aims to enhance cyber resilience across the EU by introducing stricter requirements for security and incident response.

What are the NIS2 requirements?

NIS2 Directive mandates comprehensive risk management, corporate accountability for cybersecurity, and rapid incident reporting, along with business continuity plans to ensure resilience in the face of cybersecurity incidents.

What are the NIS2 fines?

Non-compliance can result in fines of up to €10 million or 2% of annual global turnover for essential entities, and up to €7 million or 1.4% for important entities. Senior management can also face personal sanctions.

Who does the NIS2 Directive apply to?

The directive applies to "essential" and "important" entities in critical sectors, including healthcare, finance, energy, digital infrastructure, and more. Classification is based on entity size and sectoral importance.

What do I need to meet NIS2 requirements?

Take our quick survey for expert-tailored solutions and recommendations.

NIS2 Measures ASEE Can Help With

Access Management

  • Provides Identity and Access Management (IAM) to secure access control, ensuring only authorized personnel have data access.
  • Simplifies login processes through Single Sign-On (SSO) while upholding strong security standards.

Use of Multi-Factor Authentication

  • Uses Multi-Factor Authentication (MFA) with both hardware and software to protect system access.
  • Enhances security dynamically with Adaptive Risk-Based Authentication, maintaining a seamless user experience.
  • Lowers risks associated with passwords through Passwordless Authentication, minimizing complexity.

Securing Supply Chains

  • Protects customer identities and manages third-party data access with IAM solutions.
  • Strengthens mobile applications with App Protector to address vulnerabilities in supply chains.

Solutions

Risk Assessments and Security Policies

  • Implements AI and ML-driven fraud monitoring and Mobile Application Shielding for proactive threat detection.
  • Supports security policy enforcement to align with NIS2’s rigorous requirements.

Use of Cryptography

  • Offers PKI certificates for encryption, authentication, and digital signatures, essential for secure data handling and for safeguarding your networks and systems.
  • Automates certificate life-cycle management, ensures a high level of authentication and authorization, and manages audit trails, all critical for NIS2 compliance.

NIS2 Directive Timeline

December 2020

NIS2 Directive proposed by the European Commission

November 2022

NIS2 Directive adopted

October 17th 2024

Deadline for member states to transpose the NIS2 Directive measures into national law

April 2025

Deadline for member states to establish the final list of important and essential entities under the NIS2 Directive

October 2027

Revision of the NIS2 Directive


ASEE as Your Trusted NIS2 Partner

  • Single vendor covering multiple NIS2 requirements.
  • Local support focusing on specific national laws.
  • Compliance experts in NIS2, eIDAS, GDPR, PSD2, PCI DSS, ISO 27001, ISO 9001.
  • Tailored solutions to fit specific client requirements.

NIS2 Directive FAQ

The key objectives of the NIS2 Directive are to increase the general level of cybersecurity in the EU by improving risk management practices for entities operating critical infrastructure, promoting cooperation between member states, and introducing stricter incident reporting requirements.

The NIS2 Directive applies to all "important" and "essential" entities that provide services necessary for the normal functioning of society, the economy, and the internal market.

The main differences include broader coverage of sectors, defined penalties for non-compliance, new security requirements, and strengthened cooperation and incident reporting mechanisms.

The difference between important and essential entities lies primarily in the size of the entity and the extent of the impact that incidents affecting it would have on society and the economy. Delays and disruption within essential entities can lead to greater consequences, including economic instability, threats to public safety, and significant social disruption. For important entities, although the impact of these consequences exists, it is significantly less harmful.

Essential entities include all private and public companies operating in the sectors of energy, transport, banking, financial market infrastructure, healthcare, water and wastewater, digital infrastructure, ICT service management (B2B), space, and the public sector.

Important entities include all private and public companies engaged in postal and courier services, waste management, chemical manufacturing and distribution, manufacturing (of machinery, medical products, electrical equipment, etc.), food production, processing and distribution, digital services, research, and education.

Not necessarily. An organization that does not meet the criteria for categorization as an important or essential entity may still be included:
  • if it is the only provider of a service crucial for social or economic activities;
  • if a disruption in the provision of its services or activities would have a major impact on public safety, public protection, or public health;
  • if a disruption in the provision of its services or activities would cause systemic risks;
  • if it is significant for the sector, service, or interdependent sectors (in the Republic of Croatia).

Essential entities are all organizations that exceed the upper limits for medium-sized enterprises. These limits are 250 employees, an annual turnover exceeding 50 million EUR, and a balance sheet exceeding 43 million EUR.

Entities subject to special criteria may be categorized as essential even if they do not meet the organization size criteria.

Important entities are all organizations with 50 to 250 employees and an annual turnover of less than or equal to 50 million EUR and a balance sheet of less than or equal to 43 million EUR, or exceeding these thresholds, that are engaged in important services.

They also include all entities with 50 to 250 employees, an annual turnover of less than or equal to 50 million EUR, and a balance sheet of less than or equal to 43 million EUR which are not categorized as significant but operate in key sectors.

These criteria are not entirely exclusive. Entities subject to specific criteria may be categorized as significant even if they do not meet the criteria for organization size.

If your organization is categorized as both an important and an essential entity, the essential entity requirements apply.

According to the NIS2 Directive, all entities are obligated to inform the competent authorities about all incidents that affect the continuity of the services they provide.

In the event of an incident, essential and important entities are required to submit an initial notification of the incident, with a description of the incident and an assessment of its cross-border impact, within 24 hours. Then, within 72 hours, they are required to submit an interim incident report describing the incident, and within 30 days a final incident report determining the severity and impact of the incident, the type and cause of the threat, the mitigation measures applied, and the cross-border impact of the incident.

NIS2 readiness can be assessed by completing the GAP questionnaire to compare the current state of cybersecurity against the requirements of the NIS2 Directive.

The time to reach NIS2 compliance depends on the organization's initial readiness level, size, complexity of operations, and other country-specific factors. According to expert estimates, the average time to reach full NIS2 compliance for most entities is 12 months.

Fines for essential entities that fail to comply with the directive's requirements can be up to 10 million EUR, or 2% of global annual revenue, whichever is greater.

Fines for important entities are up to 7 million EUR, or 1.4% of global annual revenue, whichever is greater.

Skip the guesswork! Book a consultation with our expert and see how simple compliance can be.

