Description
Entrepreneur, are you ready for October 17, 2024?
The NIS2 Directive (Network and Information Systems Directive 2) is an EU law that sets cybersecurity requirements for public and private entities. NIS2 requires entities to implement risk analysis and risk management measures, introduce an IT system security policy, secure their supply chains and develop a Business Continuity Plan for recovery after a cyberattack. It also tightens incident reporting requirements and increases the penalties for non-compliance.
What should you do?
Firstly, analyse the business profile and the services provided, and determine the size of the company. The User's Guide on the definition of SMEs prepared by the European Commission will help with this. It also covers exceptions relating to company size and the type of business activity conducted.
Secondly, register. Once the company has checked whether it falls within the scope of the regulation, the entity is obliged to notify the relevant state authority. The Commission's Guidelines on Article 3, paragraph 4 of Directive 2022/2555 will help with this step.
Thirdly, conduct an audit of the information system to determine the level of security in your company and its compliance with NIS2 requirements. Develop, implement, monitor and, where necessary, improve the security rules that will strengthen the organisation against cyberattacks.
Who is responsible for planning and implementing the cyber protection plan? Management, the teams designated for this purpose, and business owners. They are the ones who must take action, analyse and implement procedures, which may affect cooperation with business partners: suppliers of services and goods, customers, trading partners and so on. They should also continuously verify the status of the implemented security measures, identify potential gaps and threats, and adapt to changes in the regulations.
NASK Cyberpolicy, 2024