
NIS 2 Directive has a date of enforcement

The NIS 2 directive came into force in Spain on January 5th, 2023. The new directive 2022/2555 updated the previous regulations on network security and information systems of the European Union contained in the NIS 1 Directive promulgated in 2016.

The NIS 2 Directive, a crucial development within the EU, establishes a common framework. This framework includes cybersecurity measures for strategic sectors in the Union, significantly expanding these sectors compared to the previous NIS Directive. This update is of utmost importance for all stakeholders in these sectors.

These strategic sectors cover both public and private entities and are considered “strategic” due to their relevance to the economy and citizens within the European Union. In total, 18 strategic sectors of activity have been considered, covering diverse sectors, such as financial services infrastructure, ICT service management, research, food, education, health, the energy sector, commerce, transportation, and defence.

Novelties of the new directive

The NIS 2 directive differentiates between “essential entities” and “important entities”, considering the high criticality to which the sectors of activity belong. Within this classification, qualified trust service providers such as Víntegris are regarded as critical service providers, and their activity is included in those provided by “high criticality” sectors.

This Directive aims to define a common framework for Member States on cybersecurity and how to address existing risks in this area. To this end, before the October 17th, 2024, deadline, Member States must adopt and approve the necessary measures to comply with the requirements established in NIS 2.

Technical requirements

Thus, NIS 2 establishes the requirements for managing cybersecurity risks. It sets a minimum set of technical, operational, and organisational measures that must be implemented to prevent, detect, and minimise security incidents that affect services and to ensure the resilience of the systems that support the provision of these critical services.

These measures are based on the existing security policy and the periodic performance of risk analysis, together with the adoption of the necessary security measures to deal with the detected risks.

The measures include managing security incidents, ensuring business continuity, supply chain protection, use of cryptography, human resource security, cybersecurity training and awareness, the use of MFA (multifactor authentication) to ensure authorised access to resources, the physical security of the facilities, secure development, and vulnerability analysis, among other measures that each State of the Union must develop based on existing security standards.

On the other hand, the Directive establishes the obligation to notify security incidents, considering their classification, communication by the entities affected to the reference CSIRT (Spanish Cybersecurity and Incident Management Teams) in each Member State and collaboration between the different CSIRTs to promote cybersecurity knowledge management and the adoption of measures that prevent incidents from materialising.

Víntegris and NIS 2

Víntegris, as a qualified trust service provider, must comply with the security measures defined for organisations considered critical services. Our objectives and security policy are aligned with internationally recognised security standards such as ISO 27001:2022 and the National Security Scheme (ENS), standards against which the Víntegris information system that supports the services offered as a Trusted Service Provider is certified. These standards put us in an optimal position to meet the requirements established by the NIS 2 Directive.

At Víntegris, we continue working to guarantee security and privacy in the services provided to our clients, complying with current security standards.

Find out more details about the new NIS 2 directive in this article: https://www.vintegris.com/blog/new-directive-nis2/


Article by Pilar García – Security and Legal Compliance Specialist at Víntegris
