Is your business ready for NIS 2 compliance?

The European Union will begin enforcing the new regulations embodied in version 2 of its Directive on Security of Network and Information Systems (NIS 2, for short) on 17 October 2024. Designed to respond to a global cyberthreat environment that has become significantly more challenging since the 2016 introduction of the original NIS Directive, NIS 2 requires businesses operating in the EU to meet a broad range of new requirements to improve their cyber resilience, i.e., their ability to both defend against cyberattacks and recover quickly when an attack does succeed.

Further, NIS 2 casts its regulatory eye on many more businesses than the large enterprises that NIS 1 focused on: any business generating at least €10 million in annual turnover per year, and organizations of any size operating in sectors designated as “essential” (i.e., energy, health care, transportation and water), or “important” (i.e., manufacturing, food, waste management and postal services) must now comply.

To help businesses prepare for NIS 2 compliance, Acronis has created a white paper entitled, “NIS 2 briefing for businesses: What the NIS 2 compliance standards mean for companies doing business in the European Union (EU).” It examines the NIS 2 Directive in detail, focusing on the new cyber resilience requirements that businesses must observe, and providing concrete recommendations on the steps that business and technology leaders should take to avoid the hefty new sanctions that NIS 2 levies on noncompliant organizations. Key topics include: