NIS2 Monitoring Service
Written By
Associate
Germany
I am a seasoned attorney situated at the Bird & Bird Düsseldorf office, with a specialisation in cybersecurity and data protection law, and a co-head of the Bird & Bird International Cybersecurity Steering Group.
Partner
Ireland
I am an experienced Irish lawyer. I specialise in complex technology, data and IP transactions, and advise innovative clients on the laws and regulations applicable to related products and services offered in Ireland and other parts of the European Union.
Of Counsel
Netherlands
I am a Principal Regulatory Counsel in our Regulatory & Public Affairs practice in the Netherlands and Brussels. I have a focus on tech and comms and digital markets regulation, drawing on in-depth business knowledge and extensive experience in TMT and public administration.
Related
Practices
Sectors
Trending Topics
Regions
NIS2 will repeal the current NIS Directive, amending the rules on security of network and information systems. It has a broader concept of ‘essential’ and ‘important’ entities and has materially expanded the types of organisations that fall within these categories. As an EU Directive, NIS2 will be transposed into national laws across the EU. Some Member States may choose to bring in additional rules, going beyond the minimum requirements that NIS2 introduces. Countries can impose additional, robust obligations, ensuring comprehensive security measures. For multinational enterprises, navigating diverse jurisdictions adds complexity to the compliance landscape.
Our NIS 2 monitoring service solution will help your business greatly by effortlessly monitoring and managing your compliance obligations in the jurisdictions that matter most to you. We understand that effective monitoring can be both time-consuming and financially burdensome. That's why our cost-effective fixed-price product offers unparalleled value, leveraging our expertise in tracking crucial legal reforms.
Click here to access the monitoring service tool
It is crucial for businesses within the scope of the NIS2 Directive to comply with the obligations, the principal of which are detailed below. It is also crucial for those providing cybersecurity services and products to in-scope companies, to be aware of the new obligations.
- risk analysis and information system security policies
- incident handling
- business continuity, such as backup management and disaster recovery, and crisis management
- supply chain security including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers
- security in network and information systems acquisition, development and maintenance
- policies and procedures to assess the effectiveness of cybersecurity risk management measures
- stronger reporting obligations
- governance requirements
- cybersecurity certification
It is essential to note that there is a compulsory requirement to report any breaches related to products and services governed by NIS2. Organisations will need to update breach response processes to comply with the NIS2 requirements in the EU Member States in which they are regulated.
For a fixed price proposal for your team, please contact Feyo, Deirdre or Natallia, or your usual Bird & Bird contact.
