NIS2

Get ready for NIS2

Complying with NIS2 doesn’t have to be daunting. With ComplyCloud, you can streamline the process, enabling you to swiftly uncover NIS2 requirements and automate tasks, controls, and documentation effortlessly. Save time and resources while achieving compliance excellence. Start your journey to NIS2 compliance today.

Trusted by companies like yours

Cloud Factory A/S – Max Larsen

CTO

"Getting started with ComplyCloud was easy as their defined framework sets the path to NIS2 compliance."

Nord Energi - Jane Knudsen

IT Manager

"Now, I only spend 3-4 hours a month on IT-compliance thanks to ComplyCloud. And it doesn’t take time away from all my other tasks."

Odense Renovation - Michael Mather

Head of IT and Digitisation

"ComplyCloud was quick of the mark with an NIS2 solution, so I thought it was obvious to have all compliance work in one platform that we already knew."

Umbraco A/S - Mathias Tøndering

Steward of Reliable Operations (GDPR responsible)

"The task management (annual wheel) makes it easy for us to plan and execute our compliance workload. Umbraco has many data processors meaning easy management and overview are essential."

K.G Hansen & Sønner A/S - Mette Birwe

HR Partner

"ComplyCloud has made it easy for us to get an overview of our obligations, prepare legal documents and continuously keep them up to date."

Cortrium – Kristian Klok Pedersen

VP Software Engineering

"As a high-tech company in the healthcare sector, we are regulated on several fronts, and ComplyCloud showed a great understanding of the regulatory complexity from the beginning."

Dansk Arbejdsskadeforsikring - Christina Høy Thygesen

HR & Compliance Manager

"We implemented ComplyCloud over a year ago with the aim of making it easy for us to create and maintain the policies and procedures required by the GDPR regulation. The GDPR-software from ComplyCloud has proven to be exactly the help we wanted with the goal to streamline and qualify the operation of our GDPR work."

Danske Diakonhjem - Stinne Bonde

Consultant

"ComplyCloud has been a game-changer for our organisation. Since we started using ComplyCloud, the entire process of compliance management has become more efficient and manageable."

NPS.TODAY - Peter Tranberg Møller

CCO

"Our customers require, among other things, that we can provide an audit statement, and ComplyCloud helps us with that as well. It’s handled quickly and efficiently within the software, significantly reducing costs, especially compared to if we were to try to handle it ourselves."

Start with the overview

Although we still need final guidance for NIS2, we know of the overall tasks and controls necessary for compliance. You can start the right way by adding your complete tasks and controls with just one click.

Unlock efficiency with automation

NIS2 is an extensive framework, and you’ll not run out of work anytime soon. We automate the repetitive tasks and controls and save you up to 80% of the time and resources with manual processes. That way, you can focus on the business-critical issues in your organization that cannot be automated.

Easily map and connect your inventory, controls, and documents

Get peace of mind by following the same structured methodology and best practices when complying with NIS2. Your NIS2 tasks, controls and documents will automatically work together and integrate with your other compliance measures.

Who does NIS2 apply to?

NIS2 affects all entities that provide essential or important services to the European economy and society, including companies and suppliers within Transport, Energy, Banking and financial market infrastructure, Healthcare, water supply, Public administration (central and regional levels), Waste management, and Postal and courier services.

What are the requirements?

The NIS2 contains a lot of rules, and, since it is a directive, these rules will need to be implemented through national legislation before we can see the full picture. Therefore, it can be very difficult to get your head around what you will need to do and where to begin.

How do we comply with the requirements?

The requirements will span over very different things like policies, risk assessments, vendor management, awareness training. Without a lot of knowledge and experience, it will be impossible to know how to live up to all that.

How do we find time to comply with all the requirements?

To comply with NIS2 by yourself, you will need to find time to prepare and maintain a large number of documents, to carry out risk management and to keep track of your supply chains and to train your employees – manually.

Your journey to NIS2 Compliance

Get started with confidence

Together with our InfoSec and legal team, we ensure that you become compliant with all requirements to governance, documents, and task planning during your onboarding. After that, you can enjoy free support – our legal and technical teams are here to help you.

Book your free NIS2 gap analysis

Get a custom gap analysis report of your compliance with NIS2 regulations,

and understand what are the areas you need to cover.

Frequently asked questions

What is the purpose of the NIS2?

The NIS1 directive was introduced as the EU’s initial cybersecurity legislation to enhance the ability of network and information systems to withstand cyber risks. However, the COVID-19 pandemic has expanded the range of threats, necessitating the development of new measures.

The European Commission recognized certain shortcomings in the existing NIS1, including:

Insufficient cyber resilience among EU businesses
Inconsistent resilience levels across Member States and sectors
A lack of shared understanding regarding threats
Inadequate joint crisis response capabilities

Consequently, in December 2020, the Commission put forth new regulations aimed at reinforcing cyber resilience within the EU, which were subsequently adopted in November 2022.

When will the NIS2 apply from?

The NIS2 is a directive which means that it will have to be implemented with national legislation. The member states in the EU must do so before 18 October 2024.

Which sectors and types of entities does NIS2 cover?

The NIS2 directive covers entities from the following sectors:

Essential sectors:

Energy (electricity, oil, gas, district heating and cooling, and hydrogen).
Transport (air, rail, water, and road).
Healthcare
Water supply (drinking water, wastewater).
Digital infrastructure (telecom, DNS, TLD, cloud service, data centres, trust service providers).
Finance (banking, financial market infrastructure)
Public administration
Space

Important sectors:

Digital providers (online markets, search engines, social networks)
Postal services
Waste management
Foods
Manufacturing (medical devices, electronics, machinery, transport equipment)
Chemicals (production and distribution)
Research

While both essential and important sectors are required to adhere to the same security measures, there is a difference in the level of supervision. Entities classified as “essential” are subject to proactive supervision, meaning they are monitored regularly to ensure compliance. On the other hand, “important” entities are monitored only in response to reported incidents of non-compliance.

This differentiation aims to prioritize the continuous operation and resilience of critical services while still ensuring that all entities maintain the necessary security measures to protect against cyber threats.

How will the rules be supervised and enforced?

The NIS2 establishes a comprehensive framework for supervisory and enforcement activities across Member States.

Competent authorities are responsible for overseeing essential and important entities’ compliance with the regulations. Supervisory measures include audits, checks, information requests, and access to documents.

The directive introduces a consistent framework for sanctions, including binding instructions, implementation of security audit recommendations, alignment with NIS requirements, and administrative fines.

Administrative fines vary based on entity classification, with essential entities facing fines up to €10,000,000 or 2% of annual turnover, and important entities facing fines up to €7,000,000 or 1.4% of annual turnover.

Supervisory authorities must consider the nature and severity of the breach and any damages or losses incurred when exercising enforcement powers.

Opposite to the GDPR, the NIS2 also holds natural persons in senior management positions within covered entities accountable.

How does NIS2 aim to enhance cyber crisis management?

The NIS2 focuses on improving cyber risk management through clear responsibilities, effective planning, and enhanced cooperation within the EU.

To achieve this, NIS2 mandates Member States to designate national authorities responsible for cyber crisis management. It also introduces the requirement for national large-scale cybersecurity incident and crisis response plans.

Additionally, NIS2 establishes the European cyber crisis liaison organization network (EU-CYCLONe). This network plays a vital role in the EU’s cyber crisis management framework, facilitating coordinated responses to significant cybersecurity incidents and crises.

The combination of designated authorities, national response plans, and the EU-CYCLONe network ensures a more coordinated and efficient approach to managing large-scale cybersecurity incidents and crises across the European Union.

How will NIS2 enhance cybersecurity requirements for the covered entities?

NIS2 will strengthen and streamline cybersecurity requirements for covered entities by requiring all companies to address a core set of 10 minimum requirements in their cybersecurity risk management policies.

These elements include incident handling, supply chain security, vulnerability handling and disclosure, and the use of cryptography. The NIS2 also includes a multiple-stage approach to incident reporting, which strikes a balance between swift reporting to prevent the spread of incidents and in-depth reporting to draw valuable lessons learned.

Affected companies have 24 hours to submit an early warning, 72 hours to submit an incident notification, and one month to submit a final report. This will help to reduce the additional burden for companies operating in multiple member states and ensure that all companies are addressing the necessary cybersecurity requirements.

How can I automize and streamline NIS2 comliance (just like I can with GDPR)?

Automating NIS2 compliance can help streamline and simplify the process for covered entities. ComplyCloud are currently developing a powerful tool to do exactly this.

Below, we have listed areas where we see a major potential in helping you automating and streamlining your NIS2 compliance:

Annual wheel of work: An annual wheel of work regularly giving you tasks will make sure you don’t miss anything in your ongoing work and give you peace of mind.
Risk assessment and management: Automated methods to conduct regular risk assessments, identify vulnerabilities, and prioritize mitigation efforts.
Incident management: A simple and intuitive incident management system can help you getting managing incidents in a smooth and compliant way.
Documentation: Dynamic questionnaires can make you capable of creating any necessary document much faster and with a higher quality than if you had to create them from scratch.

Employee training and awareness: Carrying out awareness training ensuring that your employees are knowledgeable about their roles and responsibilities under NIS2 will be key to strengthen your organization’s security against cyber-attacks.
Gap-analyses: Gap-analyses will guide you through the requirements and make you aware of any gaps you might have.
Vendor management: A system for vendor management will help you comply with the requirements to supply chain security.

SOLUTIONS

ADDITIONAL PRODUCTS AND SERVICES

PLATFORM

FEATURES

USE CASES

RESOURCES

COMPANY

Login