In the video, Mirko Mach briefly and simply explains the EU's new NIS2 Cybersecurity Directive. Its aim is to strengthen the cyber resilience of critical and important infrastructures in the EU. In the future, it will affect significantly more companies than before.

More information: https://www.mpcservice.com/nis2-cyber...

00:00 Introduction
00:15 What is NIS2?
01:14 Which companies are affected by NIS2? Sectors & industries
02:02 Which companies are affected by NIS2? Company size
02:33 NIS2: Sanctions, fines, reporting obligations
03:11 Prepare for NIS2 in good time and check whether you are affected
04:11 End

WHAT IS NIS2?
NIS2 stands for "Network and Information Security Directive 2.0". Its aim is to strengthen the cyber resilience of critical and important infrastructures in the EU member states. Affected companies must take appropriate measures to prevent and defend against cyberattacks. NIS2 affects significantly more companies and industries than before (not just KRITIS, but also smaller companies and suppliers). Companies must check independently whether the new requirements apply to them; they are not actively informed. In Germany, NIS2 will be implemented into national law by October 17, 2024.

IS YOUR COMPANY AFFECTED BY NIS2?
The new NIS2 directive applies not only to KRITIS companies, but to significantly more companies than before. Affected companies are divided into two categories: "Essential" facilities and "Important" facilities. If your company falls into one of the above categories and employs at least 50 people and generates a turnover of at least 10 million euros, the new directive applies to you. Smaller companies can also be affected by NIS2 regardless of their size, for example if they are suppliers. Overall, it is expected that more than 30,000 companies in Germany will be affected by NIS2.

WHAT ARE THE POSSIBLE SANCTIONS AND FINES?
NIS2 significantly increases the possible sanctions and the amount of the fines. In addition, managing directors and board members may be personally liable. For "essential" facilities, fines of up to 10 million euros or 2% of the total worldwide turnover of the previous year of the company to which the facility belongs (whichever is higher) can be imposed. For "important" facilities, fines of up to 7 million euros or 1.4% of the total worldwide turnover of the previous year of the company to which the facility belongs (whichever is higher) apply. In addition to the higher fines, the reporting obligation in the event of disruptions, incidents or cyber threats has also been tightened. A three-stage reporting process applies.

BY WHEN MUST NIS2 BE IMPLEMENTED?
NIS2 will be implemented into national law in Germany by October 17, 2024. Companies must independently check whether they are affected by the new cyber directive and register with the BSI (Federal Office for Information Security) by January 17, 2025.

MPC supports you in the implementation of NIS2 and shows you how you can effectively protect your company from cyber threats.