Are you ready for the NIS2 directive?

Is your company affected? What measures can you take to comply with the new EU requirements for strengthening cyber security?

These customers already trust us

Are you affected by the NIS2 Directive?

The question of whether your organisation is affected by the NIS2 directive is a crucial one.
With our impact check, you can quickly and easily get an initial assessment of whether your company is one of the affected organisations. The NIS2 Directive applies to public or private organisations that provide services in the European Union and meet certain criteria.

Since there is often uncertainty about which companies are specifically affected, our impact check offers you a quick orientation. Get a personalised recommendation in just 2 minutes.

Note: The results are for self-assessment purposes only and are not legally binding.

Do you provide services or carry out activities in the EU?

Does your organisation operate in at least one of the following sectors?

These sectors include both highly critical and other critical areas. Please check the following lists to see if any of these sectors apply to your organisation.

Does your organisation have at least 50 employees, or an annual turnover and an annual balance sheet total that both exceed €10 million? (Note: some entities, for example providers of DNS services, TLD name registries, trust service providers and providers of public electronic communications networks or services, fall under NIS2 regardless of their size.)

Your result: likely to be affected

Based on the information you provided, your organisation is likely to fall under the NIS2 Directive. Please note: This result is for guidance only and is not legally binding.

Do you have any questions about the NIS2 Directive or need support with its implementation? We're happy to help. Contact us by phone or using our contact form. Our experienced experts look forward to assisting you.

Your result: probably not affected

Based on the information you provided, your organisation is not likely to fall under the NIS2 Directive. Please note: This result is for guidance only and is not legally binding.

Should you have any further questions about the NIS2 directive or require a more detailed audit, we will be happy to help. Please contact us – by phone or using our contact form. Our experienced experts will be happy to support you.

What it is about.

The EU has adopted the second Directive on network and information security, known as the NIS2 Directive (Directive (EU) 2022/2555). It is intended to raise the level of cyber security across many sectors of the economy. Particularly important: compared to the previous NIS Directive, NIS2 covers far more organisations, imposes more detailed obligations and provides for tougher sanctions.

The directive covers entities with at least 50 employees, or with both an annual turnover and an annual balance sheet total above €10 million, in 18 sectors. From the transposition deadline of 17 October 2024, these companies and organisations are subject to mandatory security measures and reporting obligations, and many of them were not covered by the previous legislation. Here you will find everything you need to know and should be aware of. Because a breach of NIS2 obligations can result in personal liability for management and heavy fines.

Are you affected?

The first and most important question is: Does your company fall under the NIS2 Directive at all? This depends mainly on two factors: firstly, the size of your company and, secondly, the sectors or industries in which you operate. The NIS2 Directive applies to public or private entities providing services or carrying out activities in the European Union and divides them into essential and important entities.

Some of these sectors are listed below. However, to determine whether your company falls into one of the sectors, you should seek advice – for example, from our experts.

Sectors with high criticality

  • Energy
  • Transport
  • Banking
  • Financial market infrastructures
  • Health
  • Drinking water
  • Waste water
  • Digital infrastructure
  • ICT service management (business-to-business)
  • Public administration
  • Space

Other critical sectors

  • Postal and courier services
  • Waste management
  • Manufacture, production and distribution of chemicals
  • Production, processing and distribution of food
  • Manufacturing
  • Digital providers
  • Research

ISMS: The foundation of your cyber security

Does the NIS2 Directive seem too complex to you? It doesn't have to be. If your company already operates an information security management system (ISMS) that complies with ISO 27001, you already cover around 70% of the requirements. An ISMS is the cornerstone of your company's cyber security: it protects sensitive company data against unauthorised access, theft and manipulation, and it gives you a structured, systematic way to manage and continuously improve your information security. Do you want to start here? Then get in touch! Our experts will help you establish an ISMS and also support you in implementing standards such as ISO 27001.

These measures can be implemented now.

Check criteria.

Check whether your company is affected by the new legislation. This determines whether you need to take action at all. Since the classification is often difficult to make, it is advisable to seek professional advice from experts, such as us.

Inform employees.

If your company falls under the NIS2 directive, you should inform management and the departments affected, for example IT, production, logistics and service.

Analyse business goals.

The NIS2 Directive adds obligations on top of your business goals. Therefore, carry out a gap analysis at an early stage and take the resulting effort into account in your strategic business planning.

Plan resources.

Meeting the requirements of the NIS2 directive is very resource-intensive. You should therefore plan for the necessary resources at an early stage.

Know the requirements.

The NIS2 Directive requires organisations to take appropriate and proportionate technical, operational and organisational measures to manage the risks to their network and information systems, and to report significant incidents to the competent authority (an early warning within 24 hours of becoming aware of the incident, an incident notification within 72 hours and a final report within one month). Article 21 of the directive names at least the following areas:

  • policies on risk analysis and information system security
  • incident handling
  • business continuity, such as backup management and disaster recovery, and crisis management
  • supply chain security
  • security in the acquisition, development and maintenance of network and information systems, including vulnerability handling and disclosure
  • policies and procedures to assess the effectiveness of the measures taken
  • basic cyber hygiene practices and cybersecurity training
  • policies and procedures on the use of cryptography and, where appropriate, encryption
  • human resources security, access control policies and asset management
  • multi-factor or continuous authentication, secured voice, video and text communications and secured emergency communication systems, where appropriate

To familiarise yourself with these, you can use the ISO 27001 controls for an ISMS as a guide.

Check suppliers.

Your supply chain is covered as well: NIS2 explicitly requires you to address the security of your suppliers and service providers, because an attack on them can reach your own systems. That's why you should assess the information security of your suppliers now, for example through contractual security requirements and regular reviews.

This is what you face if you fail to comply

There are many new laws, and it is not always easy to implement all the requirements by the deadline. In the case of NIS2, however, we strongly advise you to implement it fully and on time. Failure to comply carries particularly severe sanctions, not only for your company but also for individuals.

  • The management bodies must approve and oversee the cybersecurity risk-management measures and can be held personally liable for failures in implementation; for essential entities, the supervisory authority can temporarily bar individuals with management responsibilities from exercising managerial functions
  • Fines can reach up to €10 million or 2% of total worldwide annual turnover, whichever is higher (essential entities), or up to €7 million or 1.4% of total worldwide annual turnover, whichever is higher (important entities)
  • For essential entities, the supervisory authority can temporarily suspend a certification or authorisation for the relevant services until the infringement is remedied
  • Last but not least, highly professional cyber attacks can cause substantial damage to a company, whether through malware, industrial espionage or data theft

So join us!

The requirements of the NIS2 Directive are high and complex, both in terms of the obligations themselves and their technical implementation, and in terms of effective personnel planning and official formalities. It is therefore better to have competent and experienced experts such as the bitbase group at your side during implementation. Because with us you benefit from:

  • Comprehensive protection of your company and your information against security risks, and of your reputation against loss of trust
  • Automated processing thanks to an AI-supported platform and extensive integration options for your existing workflows
  • More resources and greater efficiency for your teams thanks to less manual effort

Would you like support?

Would you prefer to have a competent partner at your side for the implementation of the NIS2 Directive? A good decision, for the security and future viability of your company. Now there is only one thing left for you to do: get in touch with us, by phone or via the contact form. Our experts look forward to hearing from you and will arrange a personal consultation with you.


Most frequently asked questions

What is the NIS2 Directive?

The NIS2 Directive imposes mandatory security measures and reporting obligations on many companies and organisations in 18 sectors. NIS2 replaces the 2016 NIS Directive and aims to achieve a high common level of cybersecurity across the EU. Compared to the previous NIS Directive, NIS2 greatly expands the scope, the obligations and the regulatory oversight of the organisations concerned.

What does NIS stand for?

NIS stands for 'Network and Information Security'.

Who is affected?

Public and private organisations in 18 different sectors are affected by the NIS2 Directive if they have at least 50 employees, or if both their annual turnover and their annual balance sheet total exceed €10 million. Certain entities, such as DNS service providers, TLD name registries, trust service providers and providers of public electronic communications networks or services, are covered regardless of their size. A detailed list of the sectors can be found at the top of this page.

When does it apply?

The directive was adopted in the EU in December 2022 and has been in force since January 2023. All member states, including Germany, must transpose it into national law by 17 October 2024 at the latest and apply it from 18 October 2024.

What are the penalties?

Violations of the NIS2 Directive can result in high fines and personal liability at managing director and management level. Fines can amount to up to €10 million or 2% of total worldwide annual turnover (essential entities) or up to €7 million or 1.4% of total worldwide annual turnover (important entities), whichever is higher in each case.

What does this mean for management?

As a managing director or member of the management body, you are responsible for approving and overseeing the cybersecurity risk-management measures required by the NIS2 Directive, and you can be held personally liable if these obligations are breached.
NIS2 also requires members of the management bodies to follow cybersecurity training and encourages them to offer similar training to their employees on a regular basis.

Talk to our experts.

We will be happy to advise you and look forward to your questions.

HEAD OF COMPLIANCE

Markus Vatter