Directive on Measures to Ensure a High Common Level of Cybersecurity in the EU (NIS2)

Who is subject to the NIS2 Directive?

NIS2 is a European directive that sets uniform requirements for the cybersecurity of defined entities. The NIS2 directive affects approximately 6,000 entities, including medium and large enterprises operating in critical sectors such as energy, transport, healthcare and others. Entities are categorised into essential and critical. We will let you know on request whether or to what extent the NIS2 directive applies to you. Contact us.

The NIS2 Directive covers the following areas of cyber security regulation:

  • cybersecurity practices and policies
  • rules and standards for ICT risk management, including security and governance
  • continuity management
  • supply chain security
  • reporting of significant cyber incidents to supervisory authorities (National Cyber and Information Security Agency), incident management
  • inspections by the supervisory authority (National Cyber and Information Security Agency); penalties for non-compliance can reach up to €10 million or 2% of net turnover.

Each obliged entity affected by NIS2 is required to set and comply with internal rules for the proper management of ICT within its operations and for cybersecurity. Companies often entrust the development of these internal standards to lawyers and cooperating ICT experts.

What can we do for you?

Our services are designed to meet ICT governance requirements without burdening your business beyond what is necessary. We work with cybersecurity experts who bring the necessary IT insight and expertise to the solution. The result is a comprehensive and personalised NIS2 solution. DORA's turnkey solution means that:

    • we will assign you a personal project manager who will be in charge and help you set up your NIS2 obligations
    • we will help you draw up a system of internal rules: internal regulations that describe all the necessary processes (ICT strategies, policies, procedures)
    • we will design a system for training and testing of staff
    • we will create other related template documents such as mandates, notices, reports, etc. needed to meet NIS2 obligations
    • we will set up contractual arrangements with external ICT service providers (outsourcing), including exit strategies and transition plans
    • we will assist you with your NIS2 obligations on an ongoing basis

What will we need from you?

  • information about you (we will sign a non-disclosure agreement)

  • basic information about your ICT solution and planned setup

  • other information according to the type of obliged entity

  • the time of your ICT staff

How long will this take?

Taking inventory of and setting up ICT rules and processes usually takes 2-3 months, depending on the level of cooperation.

For whom have we already developed a system of internal policies?

We have developed ICT rules for clients such as securities dealers, payment service providers or companies in the energy and water sectors.

How much will it cost?

The cost depends on the complexity and scope of your business. After a telephone or personal consultation, you will receive a specific written offer from us. We will help you. Contact us.
