NIS Directive
The NIS (Network and Information Security) Directive is an EU directive that sets security demands to improve the overall protection of critical infrastructure for essential and certain digital services. All organizations regarded as essential services must work systematically with their information security - and demonstrate compliance.
Your Safety is Our Top Priority
The NIS Directive is the first EU directive to increase cyber security throughout the EU. By 9 May 2018, each EU member state must have implemented NIS in its local legislation. The NIS Directive sets requirements for cyber security in networks and information systems. The law covers private and public providers of vitally important services, the so-called operators of essential services. The background to NIS is the growing threat to all types of organizations, not least from foreign powers.

Concerned Sectors
The following sectors are affected by the NIS Directive:
Energy
Including subsectors: electricity, oil, and gas.
Transport
Including subsectors: air transport, rail transport, shipping, and road transport.
Healthcare
Including subsector: healthcare environments (including hospitals and private clinics).
Water supply
Delivery and distribution of drinking water.
Financial Infrastructure
Financial market infrastructure, e.g., payment services.
Banking
Banking activities of various kinds.
Digital Infrastructures
Digital infrastructures, such as the delivery of DNS and TLD registries.
Requirement for a Systematic Cyber Security Approach
To strengthen the internal market and reduce susceptibility, NIS requires essential community services to adopt a systematic and risk-based security approach and report incidents.
Responsibilities According to NIS
According to NIS, organizations providing vitally important services have several primary obligations:
- Report to your supervisory authority that NIS applies to your organization.
- Conduct a systematic and risk-based information security approach.
- Annually assess the business's risks and draw up action plans. These should form the basis for choosing suitable safety measures.
- Take appropriate and proportionate measures to deal with risks that threaten safety.
- Respond appropriately to prevent and minimize the effects of incidents affecting networks and information systems.
- Report incidents that have a significant impact, such as loss or disruption.

A Revision & Broadening
On 16 December 2020, a proposal was submitted to the European Commission regarding a new NIS directive called NIS2. If adopted, the revision will require more sectors to comply with NIS. Vitally important services will then include postal and courier services, waste management, chemicals, food, manufacturing of other medical devices, computers and electronics, machine equipment, motor vehicles, and digital suppliers. The proposal is under evaluation, and the date when NIS2 comes into force has yet to be determined. Once the directive is adopted, each EU member state will have 18 months to implement it as local legislation.
- NIS (The Directive on Security of Network and Information Systems) is an EU-homogeneous directive.
- Is the basis for local legislation in each EU member state.
- Each EU member state must implement it no later than May 9th, 2018.
- Applies to organizations, both public and private, providing essential services.
- Makes demands for systematic and risk-based information security work, incident reporting to local authorities, and demonstrating compliance with the legislation.
- Non-compliance can result in penalties in the form of administrative sanctions, such as revoked permits to conduct business.
Meet Laws & Recommendations
Strengthen your cyber security defense and ensure compliance with laws and recommendations. Our platform enables you to discover technical and human vulnerabilities, evaluate and prioritize risks, and address vulnerabilities throughout your IT environment.