Blog
What is NIS2 and what does it mean for your business?
October 31, 2024

The NIS2 Directive brings stricter digital security standards for European businesses. This blog explains what’s important for UK SMEs. Ensure your business is ready for the increased requirements and avoid supply chain risks when working with larger partners. Find out who is affected and how to comply with the new cybersecurity standards.

What is the NIS2 Directive?

The Network and Information Security (NIS2) Directive is a European regulation aimed at increasing the digital resilience and security of networks and information systems within the EU. The Directive aims to improve the digital and economic resilience of European Member States. The Directive includes a Duty of Care, a Duty of Notification, and a Duty of Oversight, all aimed at achieving stronger cybersecurity. NIS2 replaces the original NIS Directive of 2016 and significantly expands its scope and requirements. Whereas the original NIS Directive focused mainly on large companies and vital sectors, NIS2 extends the requirements to a wider range of sectors, organisations and companies.

Who does it apply to?

It applies to large and medium-sized companies (with more than 50 employees or an annual turnover of more than €10 million) in certain sectors considered essential or important to society or the economy. These include sectors that play a critical role in society and the economy and therefore require extra protection against cyber threats. Essential sectors include:

  • Energy
  • Transportation
  • Banking and financial markets
  • Drinking water supply and distribution
  • Healthcare
  • Digital infrastructure
  • Public administration

Other key sectors include:

  • Postal and courier services
  • Waste Management
  • Food production, processing and distribution
  • Chemical sector
  • Research and development (particularly in critical and technological areas)

For SMEs, this means that companies in these sectors may also have to comply with NIS2 requirements, especially if they are part of the chain of larger organisations covered by this Directive..

What does NIS2 mean for UK businesses?

Although NIS2 is a European regulation, it can be relevant to UK companies trading with European organisations. Many EU companies covered by NIS2 will need to ensure that their entire supply chain, including external suppliers, meets higher standards of cyber security. UK companies working with European customers or partners may therefore be required to meet certain cybersecurity requirements themselves, in order to meet the expectations and requirements of EU partners.

Why is NIS2 relevant to SMEs?

Although micro and small businesses are mostly outside the scope of the NIS2 Directive, customers who are covered by the NIS2 Directive will begin to require you to meet certain cybersecurity standards in order to do business. So you will be indirectly affected by NIS2 requirements if your customers or suppliers are covered by the directive. Large organisations that have to comply with NIS2 must ensure that their suppliers meet higher standards of cyber security. As a result, customers and partners are imposing stricter requirements on SMEs to mitigate supply chain risks.

Consequences of poor cyber management under NIS2

Under NIS2, the consequences of poor cyber management have been significantly increased compared to the original NIS Directive. Companies now risk heavy fines and even legal action, with fines of up to a percentage of annual turnover. In addition, executives can be held personally liable for inadequate cyber measures, which can lead to dismissal or other legal consequences. The Directive also introduces greater oversight, allowing regulators to conduct regular compliance audits, increasing the pressure for continuous compliance. In addition, companies must report serious cyber incidents to the authorities within a short period of time; failure to report on time can also lead to sanctions. With these additions, NIS2 encourages companies to take a proactive and diligent approach to cybersecurity.

Benefits of digital resilience for businesses:

Digital resilience offers several benefits to SMEs, especially as cybersecurity becomes increasingly important in collaborations and regulations:

  • Competitive advantage: meeting cybersecurity expectations can create new business opportunities with major players.
  • Reputation: Robust digital and information security builds trust with customers and partners.
  • Preparing for future regulation: NIS2 can set the standard for new obligations across broader sectors and business sizes.

How can SMEs prepare for cyber security?

While the NIS2 Directive applies mainly to larger organisations in vital sectors, it is wise for SMEs to take cyber security seriously too. Securing online data not only helps prevent incidents, but also protects your company's reputation.

Here are some steps to get you started:

  • Conduct a risk analysis: Identify the digital risks to your business.
  • Take preventative action: Implement security measures to reduce digital risks.
  • Establish incident management: Establish simple processes to quickly identify, track and respond to security incidents.

When customers and partners know that you take data security seriously, it builds trust in your brand. On the other hand, a security incident can lead to a loss of customer confidence and negative publicity. In the long run, this can damage your reputation. Reliable security demonstrates that your business is responsible, which is important to customers and business partners who value security and integrity.

Cybersecurity is critical for business and personal responsibility, where individuals can be held liable with the new NIS2 sanctions. Our platform incorporates this into governance questions to help businesses. Want to know how your business can comply with NIS2 and other standards? Get in touch with Eevery!

other resources
News
Working at Eevery: Meet our Business Development Associate Daniel
Daniel Elderenbosch (24) lives in Amsterdam and brings a wide range of experience to Eevery. While studying Business Administration, he worked in various roles, including managing a pop-up store and as a project manager for a company supplying recycled plastic products to discount retailers. Now, Daniel is ready for the next step in his career. As Business Development Associate he supports SMEs in the Netherlands and the UK with their sustainability efforts. We're excited to welcome Daniel to our team.
News
Understanding the Global Reporting Initiative (GRI) and its benefits for SMEs
We are proud to share that Eevery is now officially GRI-certified! Globally, 70% of large companies use GRI as their sustainability standard. In this blog, we explain what the Global Reporting Initiative (GRI) is and how it can help your business make sustainability efforts more transparent. Discover how our platform can guide your business to benefit from these international standards fully.
News
The EUDR: What the new Deforestation Regulation means for UK businesses
Tropical deforestation is responsible for around 20% of annual global greenhouse gas emissions and 15% of global carbon emissions, posing a significant threat to biodiversity and accelerating climate change. In response, the EU has introduced the Regulation on Deforestation-Free Products (EUDR), a law aimed at tackling deforestation and promoting sustainability. This blog explains the regulation and what it means for your business.
Stay up to date
Sign up to our newsletter and receive information on Sustainability, CSR, ESG and CO2 news, upcoming laws and regulations, events and webinars.
Become part of the solution
Eevery offers a complete sustainability solution at an attractive price. Contact us now for an introduction, no strings attached. Begin your ESG journey today.
Book a meeting
View pricing plans
Join our newsletter to stay up to date on features and releases.
Platform
Measure your statusCalculate your emissionsFormulate your strategyEnhance business valueCommunicate your progress
Solution
SMEAdvisors and AccountantsConsultantsEcosystem
Eevery
AboutCareersPricingBlogCustomer storiesContactBook a meetingFrequently Asked Questions
© 2024 Eevery. All right reserved.
Terms and ConditionsPrivacy PolicyCookies