HomeIco

Home

 InternalIco

Internal
Deutsch|English
Services breadcrumb-icon Audit Services breadcrumb-icon IT-Audit, IT-Assurance, IT-Advisory breadcrumb-icon IT-Advisory breadcrumb-icon NIS2 consulting

NIS2 consulting

PrintMailRate-it

​​​​​​N​​​​​​​IS2 Implementation Act: Strengthening cybersecurity in critical industries


The NIS2 Implementation Act, which is based on the European Network and Information Systems Directive (NIS2), aims to strengthen cyber security in critical infrastructures. The requirements and implications of this law are particularly important in the areas of energy supply, waste disposal and wastewater disposal.

The NIS2 Directive was developed to improve the resilience and protection of networks and information systems. It requires organizations to take appropriate measures to prevent, detect and respond to cyber-attacks. The NIS2 Implementation Act transposes this directive into national law and sets out specific requirements for various sectors.

Requirements for
Operators and organizations covered by the NIS2 Implementation Act must adopt a risk-based approach and fulfil various state-of-the-art requirements, including:

  • Risk analysis and security for information systems
  • Management of security incidents
  • Maintenance and recovery, backup management, crisis management
  • Supply chain security, inter-facility security, service provider security
  • Security in development, procurement and maintenance
  • Vulnerability management
  • Evaluation of the effectiveness of cyber security and risk management
  • Cybersecurity and cyber hygiene training
  • Cryptography and encryption
  • Personnel security, access control and asset management
  • Multi-factor authentication and continuous authentication
  • Secure communication (voice, video and text)
  • Secure emergency communication​

NIS2 sectors
There are three groups of sectors in the NIS2 implementation: KRITIS sectors for critical installations and high-criticality facilities and other critical sectors:​​

​KRITIS

Sectors of high criticality

​Other critical sectors​

Energy
Energy
Power supply, district heating/cooling, fuel/heating oil, gas​
Transport/Traffic
Transport/Traffic
Air transport, rail transport, shipping, road transport
​Transport/Traffic
Post and courier

Finances/Insurance
​Finance/Insurance
Banks, financial market infrastructure
​Chemicals
Manufacturing, importers (NACE 20)


Health

Services, reference laboratories, R&D, pharmaceuticals (NACE C 21), medical devices​
Research organisations
Research facilities​

​Water/Wastewater
Water/Wastewater
Drinking water, wastewater
​Manufacturing
Medicine/diagnostics; computer, electrical and optical activities (NACE C 26 and 27); machinery (NACE C 28), motor vehicles/parts (NACE C 29), transport equipment (NACE C 30)​
​IT and TC
IT and TC
IXPs, DNS, TLD, cloud providers, data center services, CDNs, TSP, electronic communication/services, managed services and security services
Digital services
Marketplaces, search engines, social networks

Space
​Space
Ground infrastructures
Nutrition
​food
Wholesale, production, processing
Waste disposal​
​Waste disposal
Waste management

Conclusion for those affected
The NIS2 Implementation Act is an important step towards improving cyber security in critical sectors. Organizations in these sectors must meet the requirements to maintain their services and ensure the security of their systems.

Our offer - your benefit

Please click to enlarge​​​

Contact

Contact Person Picture

Falk Hofmann

Partner

+49 30 810 795 84

Send inquiry
Skip Ribbon Commands
Skip to main content
Deutschland Weltweit Search Menu