Take precautions now and prepare for the challenges of theNIS-2 Directive

Your partner for simple realisation of theNIS-2 Directive

The transposition of the NIS-2 Directive into German law is imminent. This significant development in the area of cyber security requires companies to take proactive measures to ensure their IT security and legal compliance.

CLARIUS.LEGAL is at your side as a competent partner in this decisive phase. We offer comprehensive legal services to ensure that your company is legally secure and future-orientated. We accompany you step by step from the initial consultation to the implementation of the necessary measures.

Who is responsible and when does NIS-2 come into force?

The company management is responsible for implementing the NIS-2 Directive. They must check at an early stage and independently whether the company falls under the directive. A special feature is that the directive provides for the personal liability of the management if necessary measures are not implemented.

It is currently assumed that the NIS-2 Directive will be implemented in German law from mid-October. The following Q&A is intended to help you understand the most important aspects of the NIS-2 Directive and take concrete steps to comply with the new requirements.

Get free access to our NIS-2 webinar:


WATCH NOW

Important questions and answers on the NIS-2 Directive

What is NIS-2 supposed to do?

The NIS 2 Directive aims to strengthen cybersecurity in the European Union by introducing higher security standards and reporting obligations for companies. It aims to increase the resilience of critical infrastructures and improve cooperation between member states.

Which companies are affected?

Companies operating in critical sectors, including energy, transport, banking, financial market infrastructures, healthcare, drinking water supply and distribution, digital infrastructure, public administration and space, are affected by compliance with the NIS 2 Directive. In addition, the directive now also covers digital service providers such as cloud services, online marketplaces and search engines to ensure more comprehensive coverage of cybersecurity requirements.

What measures do companies need to take?

Companies must take several measures to comply with the NIS 2 Directive:

  1. Implementation of robust security measures: Companies must protect their networks and information systems with appropriate technical and organisational measures to prevent and defend against cyber attacks.

  2. Regular risk analyses: Companies must carry out regular risk assessments to identify potential vulnerabilities and implement appropriate protective measures.

  3. Reporting of security incidents: Companies are obliged to report serious security incidents immediately to the competent authorities to enable a rapid response and cooperation.

  4. Training and awareness: Employees must be regularly trained and made aware of cyber security risks in order to promote security-conscious behaviour and minimise human error.

  5. Emergency plans and crisis management: Companies must establish emergency plans and crisis management processes in order to be able to react quickly and effectively in the event of a cyberattack.

What are the sanctions for violations?

Companies that violate the NIS 2 Directive face significant sanctions. Depending on the severity of the offence and the national legislation of the EU member states, these can include the following measures:

  1. Liability of the management
    The NIS 2 Directive introduces extended managerial liability, which means that managers can be held personally liable for compliance with cybersecurity requirements.
  2. High fines:
    Companies can be fined heavily, up to €10 million or 2% of annual global turnover in serious cases, whichever is higher.
  3. Public announcement:
    Violations can be publicised, which can cause considerable damage to the company's reputation.
Who is responsible within the company?

The responsibility for implementing the NIS 2 Directive in companies lies with the top management level, in particular the managing directors and board members. These managers are responsible for ensuring that their company takes and maintains the necessary measures to comply with the directive.

How can companies efficiently implement the requirements of the NIS-2 directive?

The requirements for companies include various to-do's from different fields. Software-based solutions help you to comply with all obligations and, in particular, simplify the fulfilment of the obligation to provide evidence.

The NIS-2 directive should not be understood as a static guideline, but aims to motivate companies to continuously manage risk.

The NIS 2 Directive presents companies with new and extensive challenges. The extended requirements demand a significant strengthening of security measures and the introduction of more comprehensive protection mechanisms for networks and information systems. Companies must now not only review and adapt their existing security precautions, but also continuously monitor and respond to new threats.

We help you to fulfil these requirements.

Feel free to contact m.schulz@clarius.legal or read our article on the NIS-2 directive below for a detailed analysis.

Get in touch

Your personal contact

Matthias SchulzDirector Sales