CCNet

CCNet

Dec 4, 2023   •  1 min read

Navigating The NIS2 Directive - who determines wether your company falls under its purview?

Navigating the NIS2 Directive: Who determines whether your company falls under its purview?

The NIS2 Directive, with its expansive scope, has far-reaching implications for companies within the EU. But who decides whether your company falls under its purview? Understanding the scope of this directive is essential for navigating the complex landscape of compliance. This article highlights the process and identifies those responsible for making this important decision regarding the directive's scope and applicability to your business.

The decision-making process

The determination of whether a company is affected by the NIS2 Directive lies in the hands of the national supervisory authorities of the EU member states. These authorities are responsible for monitoring and enforcing compliance with the NIS2 Directive, a task that determines a company’s obligations under the law.

Step 1: Self-assessment

Companies must undertake a self-assessment based on NIS2 criteria, focusing on aspects like company size and the importance of their critical infrastructure.

Step 2: Professional advice

For assistance, companies may seek guidance from consultants and legal experts to gain a comprehensive assessment of their position concerning the NIS” Directive.

Step 3: Exchange with the supervisory authority

To gain additional clarity, companies should directly engage with the relevant nation supervisory authority.

Step 4: Formal decision

The national authority, after evaluating the company’s provided information and other pertinent factors, will issue a formal decision regarding the NIS2 Directive’s applicability.

Step 5: Registration and Compliance

Companies falling under the NIS2 Directive are registered accordingly and undergo regular audits to verify compliance.

Conclusion

It is essential that companies act proactively and, if in doubt, contact the relevant authorities or qualified advisors. By seeking early clarification and ensuring compliance, companies can meet all legal requirements and safeguard themselves against potential risks.

Meet the NIS2-Requirements through regular review and adjustment of your cybersecurity strategy

Meet the NIS2-Requirements through regular review and adjustment of your cybersecurity strategy

Meet NIS2 Requirements by Regularly Reviewing and Adjusting Your Cybersecurity Strategy A well-thought-out and clearly defined emergency management plan for cybersecurity incidents is crucial to minimizing the impact of a potential cyberattack and ensuring business continuity. Companies must ensure that their emergency plans are regularly reviewed and adapted to new ...

CCNet

CCNet

Jan 22, 2025   •  3 min read

NIS2 Emergency Management: Effective Response to Cybersecurity Incidents

NIS2 Emergency Management: Effective Response to Cybersecurity Incidents

NIS2 Emergency Management: Effective Response to Cybersecurity Incidents An efficient emergency management process is crucial for preparing companies for potential cyberattacks and ensuring a quick and coordinated response. A comprehensive emergency plan outlines clear procedures for communication, containment, remediation, and recovery following an incident. Objective This process aims to ensure ...

CCNet

CCNet

Jan 20, 2025   •  3 min read

Ensuring the Accuracy of Access Rights: Identity and Access Management (IAM)

Ensuring the Accuracy of Access Rights: Identity and Access Management (IAM)

The regular review and adjustment of access rights is a central component of the company's IT security strategy. An automated Identity and Access Management (IAM) system ensures that access to IT systems and sensitive data corresponds to users' current roles and responsibilities and prevents unauthorized access. Objective The main goal ...

CCNet

CCNet

Jan 17, 2025   •  2 min read