Determine your next steps to ensure compliance with the new NIS2 guidelines.
NIS2 is a European directive focused on the security of Network and Information Systems (NIS2) and contains a set of regulations to ensure the security and resilience of these systems throughout the European Union (EU). This directive seeks to improve cybersecurity in the EU in several ways. These guidelines are an extension of the existing NIS guidelines (since 2016), but also extended to other sectors.
With EU countries adopting the NIS2 directive by the end of 2022, member states still have two years to transpose it into national legislation. The Belgian government have approved the draft law since April 18 and is currently being transposed into law, with the goal of becoming effective Oct. 17, 2024.
Go to our dedicated NIS2 website and download our new Ebook.
The NIS2 directives apply to critical (important) as well as very critical (Essential) entities and services. Companies between 50 and 250 employees are considered “important” entities, while entities with more than 250 employees fall under “Essential.” Smaller entities fall outside this scope, but may still be determined as critical or very critical by our government. Especially in the Supply Chain, larger entities may have higher security requirements for their “smaller” suppliers. That is why it is important to inform yourself well with the Cybersecurity Center Belgium (CCB)
An important element within these directives is top management accountability. Thus, top management is required to undergo additional training to master the content of these NIS2 directives. In the event of an incident, management can be held liable for this. Awareness among its own personnel must also be updated on a regular basis.
The CCB also refers to the Cyberfundamentals Framework which is based on the well-known ISO27001 framework. This framework consists of 5 core functions :
This cyberfundamentals framework is already being used as a framework for both the important and essential entities. In short, any company that qualifies for the NIS2 directives will need to apply these 5 core functions of the framework.
For example, we at Kappa Data are already seeing many questions coming in about the various solutions for both Detect and Response requirements.
The NIS2 legislation will be a challenge for many companies. Beyond applying additional security technologies, company management will have to perform risk assessments on every part of its business. Thus, numerous procedures and regulations will have to be established, which will require a lot of time and administration from the company.
On April 18, the Belgian Parliament also unanimously approved the draft law from the EU and work is currently underway to transform this draft into a proper legal text that will then become active on October 17, 2024.
Companies still have extra time to register as an important essential company with the CCB until March 31, 2025, but must take the initiative to do so themselves.
The final deadline for the application of the NIS2 legislation has been set for April 18, 2027, giving companies time to put both procedures, administration and other application in place.
However, essential entities will have to comply with the basic measures of the Cyberfundamentals framework by April 18, 2026.
For both essential and key entities, it is recommended to start by implementing the basic measures of the Cyfun framework and you can also obtain an attestation for this from the Conformity Assessment Body.
You can visit the page above to perform your own scope test soon, find a self-assessment tool and obtain an attestation.
Did you miss one of our webinars, but would still like more info on how Kappa Data can help your business? No worries, send your question to one of the email addresses listed below :
Enacting legislation around cybersecurity will make businesses more resilient to massive cyber-attacks by hackers. However, this legislation will cause quite a few headaches for many business owners. There are quite a few challenges to raising awareness within companies, establishing procedures and ISMS systems. Therefore, we at Kappa Data offer our knowledge and solutions to IT Partners to solve issues around total network visibility, vulnerability management, detect-response-recover solutions, Network Access Control and many other technologies considered necessary within the NIS2 legislation.
As a Value Added Distributor, we recommend that our partners reach out to their customer base themselves and start the conversation, how they can unburden their customers with technology. Would you like to learn more about one or more solutions? Then contact your Account Manager, to set up a meeting. We are happy to help our partners implement technology solutions for the NIS2 requirements with their customers.
Still have questions about NIS2? Get in touch with our team. We will be happy to help you further.
Download the NIS2 Ebook here
Kappa Data supports resellers and customers with comprehensive technical expertise, training courses and guidance. Our technical and presales teams are always on hand for you!
At Kappa Data, you enjoy a very personal and professional approach; from rapid quotes to demos and customer-friendly service with regular contact people. We’re here for you.
Kappa Data is a value-added distributor that helps you find solutions. We make sure that all the parties involved are happy, and mediate where necessary should conflict arise.
A trusted partner for over 25 years.
Snijders Compuservice, Jef Snijders