Cybersecurity & NIS2

NIS2

Because organizations increasingly need to arm themselves against cyber threats, the European Union has introduced a new Network and Information Systems Directive (NIS2 Directive). This Directive not only strengthens the cybersecurity measures from its predecessor, but also expands the scope and introduces new provisions and obligations.

The NIS2 Directive is an important step forward in improving cybersecurity in the European Union. By focusing primarily on supply chain obligations, director liability and comprehensive cybersecurity measures, the directive is clearly aimed at strengthening the resilience of critical infrastructure to cyber threats. Many organizations will therefore need to make cybersecurity an absolute priority by investing in robust risk management practices.

What do we do?

One of the main focuses of the NIS2 Directive is the set of supply chain obligations, which require organizations to assess their suppliers’ cybersecurity risks and ensure that appropriate measures are taken to mitigate those risks. For example, organizations are required to exercise due diligence when engaging with suppliers, especially those providing essential services or critical infrastructure. This includes assessing vendors’ cybersecurity capabilities and practices, ensuring compliance with relevant security standards, and drafting contractual agreements that clearly define security requirements and responsibilities.

Moreover, in an effort to encourage proactive cybersecurity practices, the NIS2 Directive imposes liability on board members at the highest levels of organizations if the obligations are not adequately implemented. It thus creates an important tool to promote a culture of cybersecurity awareness and responsibility by holding board members accountable.

IFORI can guide your organization through the complex obligations organizations must meet to increase cybersecurity resilience and effectively mitigate risk, including:

  • Supply chain: organizations are obliged to implement appropriate security measures in their relationships with direct suppliers, taking into account both the vulnerabilities specific to each supplier and the overall quality of the suppliers’ products and cybersecurity practices;
  • Risk management: organizations should implement risk management frameworks to identify, assess and mitigate cybersecurity risks. This includes conducting regular risk assessments, defining risk tolerance levels, and implementing appropriate security controls to address identified risks;
  • Security measures: NIS2 emphasizes the importance of implementing technical and organizational security measures to protect network and information systems. This includes measures such as encryption, access controls and intrusion detection systems tailored to the specific risks and vulnerabilities of organizations.

Our added value

IFORI’s added value arises from our combined technical, legal and practical knowledge around implementation of new processes within enterprises. IFORI can call on a multidisciplinary team of experts which allows us to take a holistic approach that takes into account all relevant areas of law, without sacrificing quality or thoroughness.

Are you getting questions from your client about your information security measures? Or would you like to know more about the exact obligations that apply to your organization?

Contact us!
