What is the NIS2 Directive? Introducing its requirements and the need for cyber resilience (1/4): What is the NIS2 Directive?

What is the "NIS2 Directive" established by the EU? We provide specific guidelines for enhancing security related to the NIS2 Directive.


As the risk of cyberattacks increases worldwide, it has become urgent for global companies with overseas branches to implement comprehensive cybersecurity measures. The NIS2 Directive, established by the EU, aims to strengthen "cyber resilience" to minimize the damage caused by cyberattacks and provides specific guidelines for strengthening security.

This article provides an overview of the NIS2 Directive and the importance of cyber resilience and introduces specific strengthening methods and examples in four parts.

1. What is the NIS2 Directive?

NIS2 (Network and Information Systems Directive 2) is a security regulation established by the European Union (EU) in 2022. It requires a wide range of industries that use networks and information systems to strengthen cybersecurity and protect information. In particular, infrastructure and companies that play essential social and economic roles are required to reduce the risks of cyberattacks and improve their response capabilities.

Standards and scope of application

The NIS2 Directive covers 18 industry sectors, categorizing companies into "essential entities" and "important entities."

Companies are obliged to comply with the requirements of the NIS2 Directive if they meet either of the following criteria:

  • More than 50 employees
  • Annual turnover of more than 10 million euros
*Digital service providers are exempt

Target companies are required to implement specific cybersecurity measures. Non-compliance can result in severe penalties, including fines and criminal liability for managers.

Differences from the NIS Directive

The NIS2 Directive is based on the NIS Directive that came into force in 2016 and is designed to create a more comprehensive and robust cybersecurity regime. The main changes are as follows:

  • Strengthening risk management
  • Stricter reporting requirements
  • Introduction of sanctions for violations
  • Strengthening international cooperation
  • Standardization of monitoring standards
  • Expansion of target industries

The NIS2 Directive is expected to promote the uniformity of European security standards and further cooperation between countries.