Data security for companies prescribed in NIS-2 - Starline Computer: Storage and server solutions from experienced experts

Directive against digital carelessness

In future, NIS-2 prescribes the necessary data security for important companies.

The new NIS Directive: More security for critical infrastructures

The NIS Directive (Network and Information Security Directive) is an EU directive that aims to improve the security of critical infrastructures. The directive was first adopted in 2016 and came into force on August 10, 2018.

On January 16, 2023, a revised version of the NIS Directive, NIS-2, was launched, which is to be implemented at national level in 2024.

NIS-2

Area of application

The NIS 2 Directive extends the original scope for critical infrastructures to include the supply industry, so that supply chains are also protected in the event of an incident. The following "essential" sectors were already included originally:

  • Healthcare
  • Virtual infrastructure
  • Transportation
  • Water supply
  • Digital service providers
  • Banking
  • Financial market infrastructure
  • Energy

In addition, these "important" entities will also be covered by the NIS 2 regulations in the next version:

  • Providers of publicly accessible communication networks or services
  • Waste water
  • Chemicals
  • Extended circle in the healthcare sector: Pharmaceuticals, research and development, critical medical devices
  • Food producers, processors and distributors
  • Manufacture of critical products e.g. computers, electronics, motor vehicles
  • Digital providers such as social networking platforms, search engines and online marketplaces
  • Space transportation
  • Postal and courier services
  • Civil services

Which companies have to meet the NIS 2 requirements depends on the size of the company and its turnover. A distinction is made between medium-sized and large companies:

  • Medium-sized companies: 50-250 employees, EUR 10-50 million turnover, balance sheet total under EUR 43 million
  • Large companies: more than 250 employees, over EUR 50 million turnover, balance sheet total over EUR 43 million

Obligations of affected companies

Companies must take the following measures:

  • Establish a risk management system for information security (ISMS)
  • Implement technical and organizational measures to secure their IT systems (state of the art)
  • Carry out regular training and exercises on information security

NIS-2 also introduces reporting obligations for incidents:

  • Submit an initial report of a significant security incident within 24 hours of discovery
  • Submit an initial assessment of the incident within 72 hours of discovery
  • Submit a detailed final report within one month of discovery of the incident

Possible sanctions

In addition to the obligation to report security incidents, NIS 2 also tightens the penalties for non-compliance. Fines of up to 10 million euros or 2 percent of annual global turnover, whichever is higher, are envisaged for essential entities. For important entities, the maximum fine is limited to EUR 7 million or 1.4 percent of annual global turnover.

The Federal Ministry of the Interior's draft bill also stipulates that managing directors and other management bodies of companies are liable with their private assets for compliance with risk management measures. The fine can amount to up to 2 percent of annual global turnover.

Implementation in Germany

On March 29, 2023, the German government passed the law to implement the NIS 2 Directive. The law provides for national implementation by October 17, 2024.

Summary

The NIS 2 Directive is an important step towards improving the security of critical infrastructures in the European Union. The directive obliges companies in critical sectors to take measures to secure their IT systems.

In order to meet the implementation deadlines and protect themselves from possible sanctions, companies should therefore address the requirements of the NIS 2 Directive at an early stage.
