NIS 2: Improving Security – Minimizing Risks – Meeting Requirements

The NIS 2 Directive of the European Union defines binding standards to enhance cybersecurity for critical businesses and institutions across Europe. The goal of the directive is to sustainably strengthen the robustness and resilience of both public and private entities against cyber risks and to ensure a rapid, effective response to security incidents.

Our consulting approach offers you a comprehensive analysis of the specific security requirements relevant to your organization. We assess your current protective measures, identify potential vulnerabilities, and support you in the targeted implementation of necessary security standards to reliably meet the legal minimum requirements of the NIS 2 Directive.

Why is NIS 2 so important for companies in Germany and Europe?

The NIS 2 Directive enhances the protection of critical infrastructures through stricter legal requirements and simultaneously strengthens European cooperation in the field of cybersecurity. Member states are obligated to develop their own cybersecurity strategies, establish national supervisory authorities, and designate specialized entities such as cyber crisis teams (CSIRTs). These authorities collaborate across national borders and coordinate the exchange of information in the event of an incident. In addition, a shared European database for security vulnerabilities is planned.

Which companies are subject to the NIS 2 Directive?

The NIS 2 Directive primarily applies to companies and institutions whose failure or disruption would have serious consequences for society and the economy. The directive distinguishes between entities of high criticality (“essential entities”) and those of lower criticality (“important entities”).

In general, companies with at least 50 employees or an annual turnover of at least 10 million euros are affected. Experts estimate that around 30,000 to 40,000 organizations across Europe will newly fall under these regulations.

Classification of Companies According to NIS 2

The classification under NIS 2 is based on company size and the entity’s significance to the public interest (Essential Entity or Important Entity).

01_01
Small Companies:
• At least 50 employees
• Annual turnover or balance sheet total of up to 10 million EUR
02_01
Medium-Sized Companies:
• 50 to 249 employees
• Annual turnover of up to 50 million EUR
• Balance sheet total between 10 and 43 million EUR
03_01
Large Companies:
• At least 250 employees
• Annual turnover over 50 million EUR
• Balance sheet total over 43 million EUR

Our team of experts is happy to support you in identifying the appropriate measures tailored to your company and ensuring compliance with all requirements.

CONTACT US

CONTACT