As of Thursday, the NIS2 Directive—an essential regulation designed to bolster cybersecurity across Europe—has become enforceable. However, a concerning number of EU member states have failed to adopt the directive in time, leaving many organizations unprepared for the new requirements. Notably, only Belgium has fully implemented the directive, while countries like Portugal and Bulgaria have yet to initiate the necessary transposition into national law.
What is NIS2?
NIS2, or the Network and Information Security Directive 2, is a comprehensive EU regulation aimed at enhancing the cybersecurity posture of organizations across the board. Proposed in 2020 as an update to the original NIS Directive, NIS2 addresses modern cybersecurity challenges and threats by expanding its scope to include a wider range of sectors. It imposes stringent requirements on companies regarding risk management, transparency obligations, and business continuity planning in the event of a cyber breach. This directive applies to a variety of organizations providing essential services—such as banks, energy suppliers, healthcare institutions, internet providers, and transport firms—mandating that they bolster their cybersecurity measures and report vulnerabilities and incidents within tight deadlines.
Why Did This Happen?
Complexity of Implementation: The NIS2 Directive sets a high benchmark for companies concerning their internal cybersecurity systems and practices, including tougher requirements around risk management, transparency obligations, and business continuity planning. This complexity has left many countries scrambling to comply.
Resource Constraints: The ongoing impact of the pandemic has strained budgets and resources, hindering the ability of governments and organizations to prepare for the directive’s demands. This has led to a slow start in implementing robust cybersecurity measures.
Lack of Expertise: Many organizations continue to struggle with basic cybersecurity practices. The advanced requirements of NIS2 present a steep learning curve, especially for smaller businesses lacking the necessary expertise.
Political and Bureaucratic Delays: Political disagreements and bureaucratic hurdles have stalled the legislative processes required for compliance in several member states. These delays create confusion and uncertainty for organizations trying to navigate the new landscape.
Discrepancies in Local Adaptation: Local adaptations of the NIS2 regulations have created discrepancies that complicate compliance efforts, particularly for smaller organizations with limited resources.
Why Armis is Positioned to Help
In light of these challenges, Armis is uniquely positioned to support organizations in achieving compliance with NIS2 and enhancing their cybersecurity posture. Here’s how:
Comprehensive Awareness of your Assets: Armis provides unparalleled visibility into devices across all environments—IT, IoT, IoMT and operational technology. This comprehensive oversight is crucial for organizations to understand their risk landscape and implement necessary controls.
Automated Compliance Frameworks: Our platform, Armis Centrix™, offers built-in compliance features that simplify alignment with NIS2 requirements. By automating many aspects of compliance, Armis makes it easier for organizations to demonstrate adherence to regulations.
Compliance Tailored to your Industry: Armis understands that every industry is regulated differently. In addition to NIS2, we help organizations comply with a variety of different frameworks and standards.
Securing the Supply Chain (Preamble 51): Armis monitors third-party devices and provides compliance reporting to ensure supply chain security.
Security by Design (Preamble 58): Armis integrates with existing systems and enforces security policies to embed security into network architecture by design.
Collaboration & Information Sharing (Preamble 59): Armis facilitates threat intelligence sharing and community collaboration to strengthen collective cybersecurity efforts.
Threat Detection and Response: Continuous monitoring for vulnerabilities and threats is a cornerstone of Armis’s offering. Our real-time insights empower organizations to respond swiftly to potential security incidents—an essential component of NIS2 compliance.
World Class Research Team: Armis Labs is dedicated to helping organizations navigate the threat landscape. We provide tailored support to ensure our clients understand where they might be falling short on their security programme, in turn helping with compliance.
Top Things to do Right Now
Conduct a thorough risk assessment to identify vulnerabilities and prioritize critical assets for network and information security.
Implement more robust cybersecurity measures such as firewalls, intrusion detection systems, and encryption to protect sensitive data and critical systems.
Ensure continuous monitoring and incident reporting by establishing real-time network monitoring and a clear process for reporting incidents to authorities.
Develop a comprehensive supply chain security strategy to ensure third-party vendors and service providers adhere to security standards.
A Call to Action
The missed deadline for NIS2 compliance serves as a critical reminder for organizations across Europe. Cyber threats are evolving and the importance of making cybersecurity measures more robust is becoming evident. With severe penalties for non-compliance—up to €10 million for essential services and €7 million for important businesses—organizations must prioritize compliance.