NIS2 - THE NEW DIRECTIVE "FOR A HIGH COMMON LEVEL OF CYBER SECURITY"

We summarize what you need to know and consider.

NIS2, also known as the "Network and Information Security (NIS) Directive", is a directive that regulates the cyber and information security of companies and institutions. It came into force in January 2023 and must be implemented into national law by the EU member states by the end of 2024. The aim is to achieve a higher common level of cybersecurity in the EU by setting minimum standards for IT security in certain companies or institutions.

Who? How? What?

The new NIS2 directive has been haunting the IT and corporate world like a bogeyman for some time now, or in the worst case, is not even a term that some people have heard of. In any case, it raises many questions:

- Why does NIS2 exist?
- Who is affected?
- What do I have to do?
- How is this checked?
- What happens if you don't meet the requirements?
- Who is liable for violations?

The scope of NIS2 is large - probably larger than it seems at first. For example, NIS2 affects public and private institutions in 18 economic sectors with certain size criteria. These sectors include energy, transport, wastewater, healthcare, banking, postal and customer services, research and digital service providers. In addition, institutions regardless of their size can also fall under NIS2, for example parts of the digital infrastructure, public administration, critical infrastructure (KRITIS) or companies that are part of a supply chain at affected institutions.

The NIS2 Directive sets out obligations in various areas. These obligations include risk management measures, a cross-hazard approach, supplier controls or proof obligations, audits and certifications. NIS2 will certainly lead to controls, an adjustment of corresponding powers and the setting of new fines. One thing is already certain: from now on, compliance with minimum standards for cybersecurity will be a matter for management.

Both ever-increasing cybercrime and the new NIS2 directive are forcing many companies and institutions to pay more attention to IT security. To optimally secure the IT and the entire infrastructure of a company or other institution, both organizational and technical factors must be taken into account. There are many options, especially when it comes to technical factors. In any case, it is important to look at attack vectors holistically and use suitable tools.

In our snack session, IT expert Alexander Karls and lawyer Andree Hönninger (MKM + PARTNER Rechtsanwälte) examine the topic of NIS2 from a legal and business perspective as well as from an IT security perspective. They provide basic insights and discuss legal aspects such as changed obligations, controls and liability. They also show possible measures for securing IT in the company, which also help you comply with the NIS2 directive.

Shownotes:

Do you really want to tell us something? Then please go here: https://www.speakpipe.com/bluescreen

You can connect with Alex in the following ways:
E-mail: [email protected]
LinkedIn: / alexander-karls-931685139
Xing: https://www.xing.com/profile/Alexande...

Do you have a question or need support? Then book Alex directly for a free initial consultation: https://outlook.office365.com/owa/cal...

Follow us on our other social media profiles: https://www.pegasus-gmbh.de/social-me...