EU's New Cybersecurity Rules Could Mean Hefty Fines for Unprepared Firms

Written by Kathrine Frich

Sep.21 - 2024 9:59 AM CET

Technology
Photo: Shutterstock
The directive mandates stricter internal practices for risk management.


Starting next month, companies operating in the European Union (EU) face stricter cybersecurity regulations under the Network and Information Security Directive 2 (NIS 2).

Steep Fines or Service Suspensions

EU member states must transpose NIS 2 into national law by October 17, 2024. The directive aims to enhance the cybersecurity defenses of critical sectors such as banking, energy, healthcare, and transportation. Companies that fail to meet the new requirements could face steep fines, and in serious cases the temporary suspension of certifications or authorisations, and even a temporary ban on the individuals responsible for management functions.

NIS 2 builds on previous legislation, expanding its scope to address modern cyber threats and vulnerabilities, according to Ziare.

The directive mandates stricter internal practices for risk management, corporate responsibility, and business continuity planning in the event of a cyber breach.

Companies will also need to assess and manage the security risks in their supply chains, including their relationships with suppliers and service providers, and to report significant security incidents on a fixed timeline: an early warning to the national authority or CSIRT within 24 hours of becoming aware of the incident, a fuller notification within 72 hours, and a final report within one month.

Cybersecurity as an Advantage

Firms classed as essential entities, such as those in energy, banking, healthcare, and transportation, face fines of up to €10 million ($11.1 million) or 2% of their total worldwide annual turnover, whichever is higher, if they fail to comply.

Firms classed as important entities, such as food and chemical companies, could be fined up to €7 million ($7.8 million) or 1.4% of their total worldwide annual turnover, whichever is higher.

NIS 2 is designed to elevate the cybersecurity standards across the EU and ensure that companies are adequately protected against cyberattacks.

"NIS 2 will set a global standard for protecting citizens and ensuring operational resilience in the face of cyber threats," said Geert van der Linden of Capgemini.

The directive encourages businesses to treat cybersecurity as a competitive advantage rather than a compliance burden.