Click here to sign up
for DBI's newsletter

What is the NIS2 directive?

The NIS2-directive is an update and expansion of the NIS-directive. Its purpose is to strengthen cybersecurity in the EU, and it aims to increase resilience and response to cyber threats across vital sectors and digital services.

What does the NIS2 mean?

NIS2 stands for Network and Information Systems Directive 2 and introduces stricter security requirements and reporting obligations for a broader range of companies than the original NIS. This includes essential service providers and digital platforms. It is up to each member state country to refine and implement the directive into their respective national legislation.

Who is covered by the NIS2 directive?

The expansion covers several sectors including energy, transport, banking, healthcare, digital infrastructures, public administration, as well as providers of public digital services and essential digital platforms e.g. social networks and cloud services. Note that as a subcontractor to these industries, you may also be subject to the directive's requirements.

   SectorSub Sectors
Large
+250 or > 50 mio. €		Medium
50-249 or > 10 mio. €		Small
Less than 50 employess
energi
EnergyElectricity, District Heating and District Cooling, Oil, Gas, Hydrogen
EssentialImportantNot covered
transportTransportAir, Rail, Water, Road
EssentialImportantNot covered
bankBanking Sector
Credit Institutions
EssentialImportantNot covered
Finansielle-markeds-infrastrukturerFinancial Market Infrastructures
MarketplacesEssentialImportantNot covered
SundhedHealthcareHealthcare Providers; EU Reference Laboratories; Research and Development (R&D) in Pharmaceuticals; Manufacture of Basic Pharmaceutical Products and Preparations; Manufacture of Medical Devices
EssentialImportantNot covered
DrikkevandDrinkingwaterEssentialImportantNot covered
SpildevandWastewaterOnly if it is a substantial part of their serviceEssentialImportantNot covered
Digital-infrastrukturDigital infrastructure
DNS Service Providers, Cloud Services, Data Centers, Content Delivery, Internet Exchange Points, Non-Qualified Trust Service Providers, Top-Level Domain (TLD) Name Providers, Communication Networks
Essential*Essential/ Important
(based on Sub Sectors)
*Essential/ Important
(based on Sub Sectors)

kommunikations-teknologiInformation and Communication Technology (ICT) Providers
Managed service providers, managed security service providers

EssentialImportantNot covered
Offentlig-forvaltningPublic Administration
(excluding Parliament, Courts, and the Central Bank)
*Essential (central)
Important (regional)
*Essential (central)
Important (regional)
*Essential (central)
Important (regional)
RummetSpaceOperators of Ground-Based Infrastructure
EssentialImportantNot covered
Post--og-kurertjenesterPostal and Courier Services
Electricity, District Heating and District Cooling, Oil, Gas, Hydrogen
ImportantImportantNot covered
AffaldshåndteringWaste Management
Waste management must be the primary purpose
ImportantImportantNot covered
KemikalierChemicalsProduction, Manufacturing, Distribution
ImportantImportantNot covered
FødevarerFoodWholesale Production and Industrial Production and Processing
ImportantImportantNot covered
FremstillingManufacturingMedical Devices; Computer, Electronic and Optical Products; Electrical Equipment; Machinery; Motor Vehicles, Trailers, Semi-Trailers; Other Transport Equipment
ImportantImportantNot covered
Digitale-udbydereDigital Providers
Online Marketplaces, search engines, social media platforms
ImportantImportantNot covered
ForskningResearchResearch Organisations (Optional for Member States: Educational Institutions)
ImportantImportantNot covered

When does the NIS2 directive come into effect?

The original deadline for the EU's implementation of the NIS2 Directive was set for October 17, 2024. However, delays have affected Denmark, where the Ministry of Defence now expects the relevant legislation to come into effect on January 1, 2025. This delay is due to a postponement in presenting the NIS2 and CER legislative proposals, as announced on the Ministry of Defence's website on March 18, 2024.

What minimum requirements does the NIS2 directive set for your organisation?

Management commitment: Requirement for leadership/management to engage directly in cybersecurity management.


Risk analysis and assessment: Extensive and regular assessment and management of cybersecurity risks.


Incident reporting: Reporting cybersecurity incidents to national authorities.


Security measures: Security measures to protect networks and information systems.


Cyber hygiene and awareness: Basic security measures such as regular system updates, strong passwords, multi-factor authentication, and security awareness training.


Information security policy:  Implementation of an information security policy based on the company's specific circumstances.


Standards

A good starting point for achieving compliance is working according to IEC standards, as they support the NIS2 Directive's goal of improved cybersecurity.

ISO/IEC 27001 focuses on the overall structure.
ISO/IEC 27002 provides guidance on security practices and controls.
ISO/IEC 27005 helps identify, assess, and address security risks.
These standards help organisations implement effective security measures and risk management, which is essential for meeting NIS2 requirements.

DBI can help you meet the new legal requirements

Specific examples of our services:

DO YOU WANT TO KNOW MORE? CONTACT US OR REQUEST A CALL

Jesper Florin Head of Security Certified Security Advisor®, CFPA Certified Business Continuity Professional (CBCP), DRII
+45 51 35 37 07 jfl@dbigroup.dk
Andreas Norstedt Security Advisor
+45 50 80 78 33 apn@dbigroup.dk
Karin Castro Functional Manager
+45 50 80 78 32 kcm@dbigroup.dk

CALL ME – FILL IN THE FORM AND WE WILL CONTACT YOU

Company*
Name*
Email*
Phone*
Comment
* required
Submit
CLICK HERE TO SIGN UP FOR DBI'S NEWSLETTER