MarketplaceCommunityDEENDEENProductsCore ServicesRoadmapRelease NotesService descriptionCertifications and attestationsPrivate CloudManaged ServicesBenefitsSecurity/DSGVOSustainabilityOpenStackMarket leaderPricesPricing modelsComputing & ContainersStorageNetworkDatabase & AnalysisSecurityManagement & ApplicationsPrice calculatorSolutionsIndustriesHealthcarePublic SectorScience and researchAutomotiveMedia and broadcastingRetailUse CasesArtificial intelligenceHigh Performance ComputingBig data and analyticsInternet of ThingsDisaster RecoveryData StorageTurnkey solutionsTelekom cloud solutionsPartner cloud solutionsSwiss Open Telekom CloudReferencesPartnerCIRCLE PartnerTECH PartnerBecome a partnerAcademyTraining & certificationsEssentials trainingFundamentals training coursePractitioner online self-trainingArchitect training courseCertificationsCommunityCommunity blogsCommunity eventsLibraryStudies and whitepaperWebinarsBusiness NavigatorMarketplaceSupportSupport from expertsAI chatbotShared ResponsibilityGuidelines for Security Testing (Penetration Tests)Mobile AppHelp toolsFirst stepsTutorialStatus DashboardFAQTechnical documentationNewsBlogFairs & eventsTrade pressPress inquiriesMarketplaceCommunity

0800 3304477 24 hours a day, seven days a week

Write an E-mail 

Book now and claim starting credit of EUR 250
ProductsCore ServicesPrivate CloudManaged ServicesBenefitsPricesPricing modelsPrice calculatorSolutionsIndustriesUse CasesTurnkey solutionsSwiss Open Telekom CloudReferencesPartnerCIRCLE PartnerTECH PartnerBecome a partnerAcademyTraining & certificationsCommunityLibraryBusiness NavigatorMarketplaceSupportSupport from expertsHelp toolsTechnical documentationNewsBlogFairs & eventsTrade pressPress inquiries
  • 0800 330447724 hours a day, seven days a week
  • Write an E-mail 
Book now and claim starting credit of EUR 250

Are you “critical”? Then you need to take action on NIS2

by Redaktion
Flagge mit Silhouette Europas, Europa-Logo und Aufschrift "NIS2"
NIS2 will take effect in October 2024, introducing a new definition of “critical” companies.
 

In this article you will read,

  • why companies need to address the European security directive NIS2 now,
  • how the cloud can simplify compliance with NIS2 requirements
  • and why, with the Open Telekom Cloud, you don’t need to worry about NIS2 or other security-related regulations.


Another European compliance directive will soon come into force: NIS2, focusing on Network and Information Security (cyber resilience). NIS2 aims to enhance the overall level of cybersecurity across the EU, extending its requirements to more companies and organizations in critical sectors. Many more businesses will now be classified as “critical,” compared to previous definitions like those under the Federal Government’s CRITIS Regulation. Companies newly designated as critical should act immediately.

Strengthening cyber resilience for European digitalization

“Insufficient cyber resilience” is a common justification by EU bodies for introducing new directives, which member states are then required to incorporate into national law. This was the case with EU regulation DORA (Digital Operational Resilience Act), which came into effect in 2023 and will be applied starting January 2025. The current NIS2 initiative, focused on network and information security, also stems from concerns over weak cyber resilience among companies. NIS2 is essentially a “DORA for all,” targeting various critical industries and businesses.

NIS2 builds on a legacy: In 2016, the EU introduced the first NIS Directive to create a higher standard of network and information system security for businesses across Europe. It was the first EU-wide, uniform framework for cybersecurity. Now, with NIS2, the directive is being revisited and reinforced, with stricter requirements and more severe penalties expected.

Implementation and evidence of security best practices and IT risk management

NIS2 does not introduce entirely new concepts. Instead, it extends existing regulations for critical infrastructures (CRITIS) to include new sectors and smaller companies. It mandates that businesses implement current IT security best practices, establish robust access controls, manage systems and service resilience, handle security incidents professionally, secure supply chains, utilize encryption, and engage in active IT risk management.

What’s new about NIS2?

NIS2 introduces new sanctions (similar to the EU GDPR, fines can be based on annual turnover) and personal liability for managers. The most significant change is in how sectors are classified as critical. A total of 18 sectors are now considered “important” or “essential,” with new inclusions such as research, public administration, and ICT service providers.

To fall under NIS2, companies in these sectors must have more than 50 employees or an annual turnover exceeding 10 million euros – at least, that’s the general rule. However, smaller businesses or those with lower revenue aren’t automatically exempt. Any company performing a “critical” activity, where failure could have a “substantial” impact, may still be subject to NIS2 regulations. A common benchmark is that a service failure affects around half a million people, which could quickly apply to top-level domain registrars or trust providers. As a result, NIS2 covers significantly more companies than previous CRITIS regulations, e.g., KRITIS in Germany. The BSI offers a non-binding NIS2 impact assessment on its website.

NIS2 comes into force in October 2024?

NIS2 was scheduled to take effect in Germany on October 18, 2024, although the corresponding implementation law (NIS2UmsuCG) was still under discussion. According to current information, its implementation is likely to be delayed until the beginning of 2025. This will give companies even longer to assess whether they are subject to the directive and how they will meet its extensive requirements. Being classified as a “NIS2 company” brings significant responsibilities and obligations. For companies newly identified as NIS2-relevant, this means taking on additional tasks to ensure they can continue delivering their services.

How can you meet the requirements?

Experts recommend certification, such as ISO 27001, as a way to ensure compliance with NIS2. However, achieving ISO certification is resource-intensive and time-consuming, making it unlikely to be feasible by the beginning of 2025. An alternative solution could be to outsource part of the certification and compliance workload to a service provider by migrating IT services to a platform that already meets these compliance standards.

The cloud trick for NIS2

This is where solutions like the Open Telekom Cloud come into play. The Open Telekom Cloud has been meeting key security requirements for many years. By moving workloads to this platform, companies benefit from comprehensive certifications and advanced information security and risk management practices that exceed ISO 27001 standards. This also includes the KRITIS certification for critical infrastructure.

Switching to a secure, European cloud is a smart way to quickly achieve NIS2 compliance with minimal effort – or at least make significant progress in meeting NIS2 requirements.


This content might also interest you
 

Hands of a man on a laptop keyboard, in the foreground of the picture a digital lock in a cloud

Gold standard in the cloud industry: Open Telekom Cloud certified according to BSI C5:2020, and SOC 1, SOC 2, SOC 3

The Open Telekom Cloud meets the strict requirements of the BSI C5:2020 cloud test certificates as well as the SOC 1, SOC 2 and SOC 3 requirements catalog.

 
A woman and a man holding a tablet on which an evaluation can be seen

Secure cloud for social service providers

Social service providers can host data that falls under the social service data secrecy law in the Open Telekom Cloud as standard.

 
A woman and a man point their fingers at a digital lock on a glass wall

Open Telekom Cloud opens up to professional secrecy holders

Professional secrecy holders can use the Open Telekom Cloud for storing and processing data without hesitation within the meaning of § 203 of the German Criminal Code (StGB).

The Open Telekom Cloud Community

This is where users, developers and product owners meet to help each other, share knowledge and discuss.

Discover now

Free expert hotline

Our certified cloud experts provide you with personal service free of charge.

 0800 3304477 (from Germany)

 +800 33044770 (from abroad)

 24 hours a day, seven days a week

Write an E-Mail

Our customer service is available free of charge via E-Mail

Write an E-Mail

AIssistant Cloudia

Our AI-powered search helps with your cloud needs.