The EU has adopted a new directive to strengthen cybersecurity – the NIS2 Directive. This must be transposed into national law by October 2024. NIS2 will have a significant impact, particularly on small and medium-sized enterprises in the manufacturing sector. Our expert Raimund Marta has compiled comprehensive information on this topic.
What is NIS2?
NIS2 is the revision of the Network and Information Security (NIS) Directive from 2016. The aim is to create uniform minimum standards for cybersecurity in the EU and to increase digital resilience. The scope now covers 18 sectors, including wastewater treatment, drinking water supply, waste management, energy, food, health and manufacturing.
Who is affected?
In addition to operators of critical infrastructures, many medium-sized companies now also fall under NIS2. Companies with more than 50 employees or an annual turnover of more than £8.5 million in the affected sectors must comply with the new requirements. In the UK, this affects more than 30,000 companies.
Obligations and special features for the manufacturing industry
Affected companies must take cybersecurity measures such as risk analyses, security concepts and emergency plans. Supply chains must be checked for vulnerabilities and incidents must be reported promptly. Company management bears personal responsibility. The manufacturing industry in particular, classified as an "important sector", must implement comprehensive security measures to protect production processes and supply chains. This includes regular security reviews, employee training and risk management processes. Compliance with the NIS2 Directive is not only a legal obligation, but also a strategic investment in the future security and competitiveness of a company.
What are the penalties?
Violations are punishable by heavy fines of up to £10 million or 2% of global annual turnover. In serious cases, criminal sanctions may even be imposed.
Our recommendation
Medium-sized companies should address the new requirements at an early stage. Our professional consulting services help companies identify their vulnerabilities and implement the necessary measures. Cybersecurity is becoming a key challenge and a matter of survival for many medium-sized companies.