Europe is very busy creating cybersecurity legislation such as the 'NIS2'. NIS stands for Network and Information Security. NIS2 is a directive that instructs more and more organisations in the EU (especially companies with a high importance for the economy and society) to take their cybersecurity to a higher level, in order to guarantee a certain minimum level of cybersecurity. Although awareness around cybersecurity is increasing among organisations, analyses of security incidents and data breaches often show that security incidents could have been prevented if organisations had been more careful. What is expected of your company in terms of protect, detect, respond & cover and how do you comply with the law and exclude liability?
The NIS2 is coming. Would you like to know more about Ploum's cybersecurity services?
RegisterThe first NIS guideline was put into effect in 2016. It is implemented in the Netherlands in the Network and Information Systems Security Act (Wbni). The NIS has three basic ‘pillars of security’:
These three pillars currently form the basis of the security requirements for the vital sectors (also called digital service providers and essential service providers).
In its current form, NIS2 will cover more sectors than the NIS. NIS2 covers the following sectors: energy, transport, banking, financial market infrastructure, healthcare, drinking water, waste water, digital infrastructure, public administration, aerospace, postal and courier services, waste management, chemicals, food production, manufacturing and digital providers. However, the NIS2 will also provide a degree of flexibility to allow member states to identify smaller entities that, according to them, also have a high security risk profile.
NIS2 also aims to improve supply chain security by requiring individual companies to manage cyber security risks in supply chains and in their relationships with suppliers. The proposed amendments also aim to strengthen supply chain cyber security for key information and communication technologies at European level.
To ensure that effective action is taken, directors can be held liable for cyber incidents or even potentially be suspended under the NIS2. To prevent this, there are obligations when it comes to governance and incident reporting. And if things really go wrong, there will soon be the possibility of imposing fines of up to € 10 million or 2 per cent of global annual turnover. In short, there will be more supervision/inspection and enforcement will become stricter. All the more reasons to take this very seriously.
Does your company belong to the so-called vital sectors or are you a supplier in one of these sectors and do you want to know what is coming (legally)? Specialists Hugo van Aardenne and Jouko Barensen organise 2-hour (tailor-made) boardroom sessions in which they provide information on what you can expect in this area in the near future, and explain which basic measures you can take to (continue to) comply with the law.
Above, we have discussed the NIS2 Directive. There are many more rules and regulations that might be relevant to your company.
Additionally, you might want to know which steps need to be taken if your company becomes a victim of cybercrime. Do you have an obligation to report this? Do you need to file a complaint? Do you inform all your customers? Do you need to inform your personnel?
If you are interested in discussing this in a (boardroom) session, you can register via this form.
Met uw inschrijving blijft u op de hoogte van de laatste juridische ontwikkelingen op dit gebied. Vul hieronder uw gegevens in om per e-mail op te hoogte te blijven.
Stay up to date with the latest legal developments in your sector. Fill in your personal details below to receive invitations to events and legal updates that matches your interest.
Follow what you find interesting
Receive recommendations based on your interests
{phrase:advantage_3}
{phrase:advantage_4}
We ask for your first name and last name so we can use this information when you register for a Ploum event or a Ploum academy.
A password will automatically be created for you. As soon as your account has been created you will receive this password in a welcome e-mail. You can use it to log in immediately. If you wish, you can also change this password yourself via the password forgotten function.
