CCNet

CCNet

Dec 4, 2023   •  1 min read

Navigating The NIS2 Directive - who determines wether your company falls under its purview?

Navigating the NIS2 Directive: Who determines whether your company falls under its purview?

The NIS2 Directive, with its expansive scope, has far-reaching implications for companies within the EU. But who decides whether your company falls under its purview? Understanding the scope of this directive is essential for navigating the complex landscape of compliance. This article highlights the process and identifies those responsible for making this important decision regarding the directive's scope and applicability to your business.

The decision-making process

The determination of whether a company is affected by the NIS2 Directive lies in the hands of the national supervisory authorities of the EU member states. These authorities are responsible for monitoring and enforcing compliance with the NIS2 Directive, a task that determines a company’s obligations under the law.

Step 1: Self-assessment

Companies must undertake a self-assessment based on NIS2 criteria, focusing on aspects like company size and the importance of their critical infrastructure.

Step 2: Professional advice

For assistance, companies may seek guidance from consultants and legal experts to gain a comprehensive assessment of their position concerning the NIS” Directive.

Step 3: Exchange with the supervisory authority

To gain additional clarity, companies should directly engage with the relevant nation supervisory authority.

Step 4: Formal decision

The national authority, after evaluating the company’s provided information and other pertinent factors, will issue a formal decision regarding the NIS2 Directive’s applicability.

Step 5: Registration and Compliance

Companies falling under the NIS2 Directive are registered accordingly and undergo regular audits to verify compliance.

Conclusion

It is essential that companies act proactively and, if in doubt, contact the relevant authorities or qualified advisors. By seeking early clarification and ensuring compliance, companies can meet all legal requirements and safeguard themselves against potential risks.

Detailed NIS2 process description: Business operations during a cyberattack

Detailed NIS2 process description: Business operations during a cyberattack

The goal of this process is to ensure that the company can continue business operations even in the event of a cyberattack. The implementation and regular updating of a Business Continuity Plan (BCP) play a decisive role here. This plan defines emergency measures and alternative operating procedures to ensure that ...

CCNet

CCNet

Mar 5, 2025   •  3 min read

Template analysis for effective investigation of security incidents

Template analysis for effective investigation of security incidents

NIS2 Template: Standard Analysis for Effective Investigation of Security Incidents Purpose of the Analysis The method serves to conduct a structured investigation of security incidents, aiming to uncover causes, document the course of the incident, and derive preventive measures to prevent future incidents. Scope This analysis method is used for ...

CCNet

CCNet

Mar 3, 2025   •  2 min read

NIS2-Analysis: Detailed incident response report for precise evaluation of IT security incidents

NIS2-Analysis: Detailed incident response report for precise evaluation of IT security incidents

NIS2 Analysis: Detailed Incident Response Report for Accurate Evaluation of IT Security Incidents On September 15, 2024, at 14:35, suspicious network traffic was detected by our SIEM system, indicating a potential ransomware infection. This required immediate responses. Unusual activity, such as high CPU usage and file encryption, was quickly ...

CCNet

CCNet

Jan 31, 2025   •  2 min read