.jpg){kind=small}
.jpg){kind=small}
.jpg){kind=small}
.jpg){kind=small}
.jpg){kind=small}
.jpg){kind=small}
.jpg){kind=small}
.jpg){kind=small}
.jpg){kind=small}
.jpg){kind=small}
.jpg){kind=small}
.jpg){kind=small}
(1).jpg){kind=small}
What is the NIS2 Directive and what does it require?
The NIS2 Directive is a European regulation that obliges companies managing critical infrastructure, as well as their suppliers and subcontractors, to meet a series of requirements, mostly related to cybersecurity: data protection, training, evaluations, network security, incident management, risk management, supply chain protection, multifactor authentication (for access control devices), business continuity and access control. Security devices connected to the network must therefore comply with these requirements. Failure to do so may result in financial penalties and reputational damage to the company.
Most EU Member States failed to meet the deadline set by the European Union, which was 17 October 2024. In response, the European Commission issued a reasoned opinion and began the countdown for full implementation of the directive.
The lack of a unified legal framework has made coordination between countries more difficult, as well as the effective exchange of information on threats and the response to cross-border incidents. In Europe, it is expected that the NIS2 Directive will be transposed into national legislation and come into force by November 2025, ensuring compliance.
Which sectors must comply with NIS2?
- Highly critical sectors (essential and important): transport, energy, healthcare, space, drinking water, wastewater, public administration, digital infrastructure, banking, financial markets, ICT service management.
- Other critical sectors (important): postal and courier services, waste management, digital providers, chemicals, food, research, manufacturing of medical devices and in vitro diagnostics, manufacturing of IT, electronic and optical equipment, electrical material, machinery and equipment, motor vehicles, trailers and semi-trailers, and other transport equipment.
By Demes offers devices compliant with NIS2
By Demes provides a wide range of devices across various categories in its portfolio (CCTV, INTRUSION, ACCESS CONTROL and FIRE) that meet the highest cybersecurity standards and are fully adapted to the NIS2 Directive.
NDAA Compliant, Secure by Default, FIPS, SySS, and CN-CERT are some of the certifications and features our devices offer. The directive specifically mentions data and network protection, multifactor authentication and data encryption. Our devices are cybersecure, protect both data and the networks to which they connect, offer multifactor authentication and encryption, and therefore meet the directive’s requirements.
Is securing the network enough to comply with NIS2?
Reinforcing and protecting network infrastructure is essential to prevent potential external cyberattacks. Some of the NIS2 Directive's requirements are based on core cybersecurity principles, such as multifactor authentication or regular software updates – key measures to keep the network secure.
However, the directive is not limited to network protection alone. It also covers all devices connected to the network, which must comply with NIS2 requirements. It is therefore not enough to protect the network from external threats: vulnerabilities may also arise from within the infrastructure itself.
Numerous cyberattacks have been documented as a result of poor operational practices or internal security failures, highlighting the need to implement protection measures both for the network and all connected systems and devices.
