NIS-2 Directive: What is the best way for companies to implement cyber security requirements?

Author: Dr Markus Hülper, Attorney at Law

Increasing networking and digitalisation not only bring numerous benefits, but also considerable risks. Cyber attacks and IT security incidents can have a serious impact on companies and society. To counteract this, the EU’s NIS 2 Directive places increased demands on companies’ cyber security. The directive obliges a large number of companies in various sectors to take comprehensive security measures.

Germany has already taken measures to transpose the NIS 2 Directive into national law. The Federal Republic of Germany pursues a comprehensive approach that includes legal as well as technical and organisational measures. (You can read more about this in the article NIS 2 Directive: Implementation and current status in Germany)

Who is obligated?

The NIS 2 Directive applies to companies and organisations operating in certain critical sectors. The 18 sectors affected include, among others:

What are the requirements?

The NIS 2 Directive places a number of technical, operational and organisational requirements on the companies concerned, including

What do companies need to look out for?

Various areas of the company are involved in the implementation of the NIS 2 Directive (IT, Compliance, Data Protection, HR, QM, etc.). Holistic risk management involving all stakeholders is therefore essential for companies.
Companies should pay particular attention to the following points:

Support through legal outsourcing

Why handle everything yourself? Contract and NDA reviews, warranty cases and legal opinions on individual questions, for instance in competition or employment law, tie up far too much capacity in day-to-day operations. It makes more sense for legal departments to put their strategic work first and delegate routine tasks. When the workload is permanently high or the order situation is particularly labour-intensive, legal outsourcing provides relief. The motto here is "Outsource the work that keeps you from working".

Act now to avoid sanctions

The implementation of the NIS 2 Directive presents companies with considerable challenges, but also offers them the opportunity to strengthen their own cyber security and better arm themselves against threats. Companies should take the requirements of the NIS 2 Directive seriously and take the necessary measures in good time.

We are happy to support you in implementing the NIS 2 Directive. We offer you comprehensive advice and practical assistance in implementing the necessary security measures, complying with reporting obligations and training your employees. Contact us to find out how we can help you successfully fulfil the requirements of the NIS 2 Directive and avoid sanctions.

Your personal contact

Matthias Schulz, Senior Sales Manager
