{"id":7273,"date":"2024-10-04T08:06:23","date_gmt":"2024-10-04T08:06:23","guid":{"rendered":"https:\/\/haavind.stage01.dekodes.no\/techinsight-new\/?post_type=tech-insight&#038;p=7273"},"modified":"2024-10-16T11:17:50","modified_gmt":"2024-10-16T11:17:50","slug":"nis2-directive","status":"publish","type":"tech-insight","link":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/nis2-directive\/","title":{"rendered":"NIS2 Directive"},"content":{"rendered":"\t<div class=\"template-tech-insight alignwide has-media wp-block-dekode-hero\">\n\t\t<div class=\"hero__inner\">\n\t\t\t<div class=\"hero__inner_blocks\">\n\t\t\t\t\n<h1 class=\"wp-block-post-title\">NIS2 Directive<\/h1>\n\n<p class=\"t2-ingress wp-block-t2-ingress\"><em>Directive 2022\/2555 on measures for a high common level of cybersecurity<\/em><\/p>\n\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<div class=\"hero__image\">\n\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"460\" height=\"352\" src=\"https:\/\/haavind.stage01.dekodes.no\/content\/uploads\/sites\/5\/2024\/10\/NIS2-460x352-1.jpg\" class=\"attachment-ultra size-ultra\" alt=\"\" srcset=\"https:\/\/haavind.stage01.dekodes.no\/content\/uploads\/sites\/5\/2024\/10\/NIS2-460x352-1.jpg 460w, https:\/\/haavind.stage01.dekodes.no\/content\/uploads\/sites\/5\/2024\/10\/NIS2-460x352-1-300x230.jpg 300w\" sizes=\"(max-width: 460px) 100vw, 460px\" \/>\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\n\n<div class=\"haavind-tech-info alignleft wp-block-haavind-tech-info\">\n\t\t\t<div class=\"haavind-tech-info__categories\">\n\t\t\t\t<h4>Category<\/h4>\n\t\t\t\t\n\t\t\t<div class=\"t2-post-dynamic-part is-source-term term-tech-insight-category haavind-tech-meta__category wp-block-t2-post-dynamic-part\"><a href=\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/cybersecurity\/\" class=\"t2-post-dynamic-part__term\" rel=\"tag\">Cybersecurity<\/a><\/div>\n\t\t\t<\/div>\n<div class=\"haavind-tech-info__blocks\">\n<h3 class=\"wp-block-heading\" id=\"h-status\">Status<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-eu\"><strong>EU<\/strong><\/h4>\n\n\n\n<p>Date of application is 18 October 2024.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-eea\"><strong>EEA<\/strong><\/h4>\n\n\n\n<p>Pending. The Commission has marked the proposal as EEA-relevant.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"h-\"><\/h4>\n\n\n\n<p><\/p>\n<\/div>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\" id=\"h-scope\">Scope<\/h2>\n\n\n\n<p>Operators of essential and important services within several sectors such as energy, transport, wastewater, food, research, IT (managed service providers and managed security service providers), public administration and postal and courier services. The margin of manoeuvre for member states in identifying entities subject to the Directive is reduced compared with the NIS 1 Directive.<br><br>Micro- and small enterprises (less than 50 employees and annual turnover below 10MEUR) are as a starting point not subject to the Directive. Such enterprises may still be encompassed, e.g. if they are considered to have a key role in society, the economy or a certain sector (e.g., sole supplier to an EU country, or entities operating a particularly vulnerable business).<br><br>The distinction between essential and important services is only relevant for the supervisory regime (ex-ante supervision for essential services, and ex-post supervision for important services).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-relevance\">Relevance<\/h2>\n\n\n\n<p>NIS 2 not only addresses the challenges and limitations of NIS 1 but also introduces enhanced measures to ensure a unified and robust cybersecurity framework across Europe. <br><br>Implementation in Norway will likely be done through amendments to the Digital Security Act.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-key-obligations\">Key obligations<\/h2>\n\n\n\n<p>Like under the NIS 1 Directive, entities in scope are required to conduct a risk assessment and implement security measures appropriate to the risk. However, the NIS 2 Directive imposes a broad range of minimum measures, including: i) business continuity; ii) supply chain security; iii) policies and procedures to assess the effectiveness of cybersecurity risk-management measures; basic cyber hygiene practices and training; iv) policies and procedures regarding use of cryptography; and v) human resources security.<br><br>The Directive further enhances the notification regime for cybersecurity incidents, through a three-step model where an early warning and initial information must be provided within 24 hours, an initial assessment of the incident within 72 hours, and a detailed report with identified root cause and mitigation measures within one month.<br><br>Supervisory authorities are given broad powers to supervise and impose sanctions, e.g. trough on-site inspections, security scans, requests for evidence of implementation of policies, and binding instructions. Further, the regime for regulatory fines is harmonized, meaning the maximum fine must be at least EUR 10 million or 2% of the total global annual turnover of the business, whichever is higher for essential service providers. For important service providers, the maximum fine must be at least EUR 7 million or 1.4% of the total global annual turnover.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Deadline for implementation in the EU (Directive 2022\/2555)<\/p>\n","protected":false},"featured_media":7660,"menu_order":0,"template":"","meta":{"tech-insight-date":"2024-10-18T10:03:04","footnotes":""},"tech-insight-category":[92],"tech-insight-jurisdiction":[83,84],"tech-insight-status":[86,97],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.2 (Yoast SEO v24.2) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>NIS2 Directive - Haavind Tech Insight<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/nis2-directive\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"NIS2 Directive\" \/>\n<meta property=\"og:description\" content=\"Deadline for implementation in the EU (Directive 2022\/2555)\" \/>\n<meta property=\"og:url\" content=\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/nis2-directive\/\" \/>\n<meta property=\"og:site_name\" content=\"Haavind Tech Insight\" \/>\n<meta property=\"article:modified_time\" content=\"2024-10-16T11:17:50+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/haavind.stage01.dekodes.no\/content\/uploads\/sites\/5\/2024\/10\/NIS2-460x352-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"460\" \/>\n\t<meta property=\"og:image:height\" content=\"352\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/nis2-directive\/\",\"url\":\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/nis2-directive\/\",\"name\":\"NIS2 Directive - Haavind Tech Insight\",\"isPartOf\":{\"@id\":\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/nis2-directive\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/nis2-directive\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/haavind.stage01.dekodes.no\/content\/uploads\/sites\/5\/2024\/10\/NIS2-460x352-1.jpg\",\"datePublished\":\"2024-10-04T08:06:23+00:00\",\"dateModified\":\"2024-10-16T11:17:50+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/nis2-directive\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/nis2-directive\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/nis2-directive\/#primaryimage\",\"url\":\"https:\/\/haavind.stage01.dekodes.no\/content\/uploads\/sites\/5\/2024\/10\/NIS2-460x352-1.jpg\",\"contentUrl\":\"https:\/\/haavind.stage01.dekodes.no\/content\/uploads\/sites\/5\/2024\/10\/NIS2-460x352-1.jpg\",\"width\":460,\"height\":352,\"caption\":\"3d rendering of rows of network servers machine farm cloud computing hardware on blue sky background.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/nis2-directive\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"NIS2 Directive\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/#website\",\"url\":\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/\",\"name\":\"Haavind Tech Insight\",\"description\":\"Stay ahead with our digital roadmap of EU Tech regulations\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/haavind.stage01.dekodes.no\/techinsight\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"NIS2 Directive - Haavind Tech Insight","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/nis2-directive\/","og_locale":"en_US","og_type":"article","og_title":"NIS2 Directive","og_description":"Deadline for implementation in the EU (Directive 2022\/2555)","og_url":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/nis2-directive\/","og_site_name":"Haavind Tech Insight","article_modified_time":"2024-10-16T11:17:50+00:00","og_image":[{"width":460,"height":352,"url":"https:\/\/haavind.stage01.dekodes.no\/content\/uploads\/sites\/5\/2024\/10\/NIS2-460x352-1.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/nis2-directive\/","url":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/nis2-directive\/","name":"NIS2 Directive - Haavind Tech Insight","isPartOf":{"@id":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/#website"},"primaryImageOfPage":{"@id":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/nis2-directive\/#primaryimage"},"image":{"@id":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/nis2-directive\/#primaryimage"},"thumbnailUrl":"https:\/\/haavind.stage01.dekodes.no\/content\/uploads\/sites\/5\/2024\/10\/NIS2-460x352-1.jpg","datePublished":"2024-10-04T08:06:23+00:00","dateModified":"2024-10-16T11:17:50+00:00","breadcrumb":{"@id":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/nis2-directive\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/nis2-directive\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/nis2-directive\/#primaryimage","url":"https:\/\/haavind.stage01.dekodes.no\/content\/uploads\/sites\/5\/2024\/10\/NIS2-460x352-1.jpg","contentUrl":"https:\/\/haavind.stage01.dekodes.no\/content\/uploads\/sites\/5\/2024\/10\/NIS2-460x352-1.jpg","width":460,"height":352,"caption":"3d rendering of rows of network servers machine farm cloud computing hardware on blue sky background."},{"@type":"BreadcrumbList","@id":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/tech-insight\/nis2-directive\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/"},{"@type":"ListItem","position":2,"name":"NIS2 Directive"}]},{"@type":"WebSite","@id":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/#website","url":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/","name":"Haavind Tech Insight","description":"Stay ahead with our digital roadmap of EU Tech regulations","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/wp-json\/wp\/v2\/tech-insight\/7273"}],"collection":[{"href":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/wp-json\/wp\/v2\/tech-insight"}],"about":[{"href":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/wp-json\/wp\/v2\/types\/tech-insight"}],"version-history":[{"count":5,"href":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/wp-json\/wp\/v2\/tech-insight\/7273\/revisions"}],"predecessor-version":[{"id":7739,"href":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/wp-json\/wp\/v2\/tech-insight\/7273\/revisions\/7739"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/wp-json\/wp\/v2\/media\/7660"}],"wp:attachment":[{"href":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/wp-json\/wp\/v2\/media?parent=7273"}],"wp:term":[{"taxonomy":"tech-insight-category","embeddable":true,"href":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/wp-json\/wp\/v2\/tech-insight-category?post=7273"},{"taxonomy":"tech-insight-jurisdiction","embeddable":true,"href":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/wp-json\/wp\/v2\/tech-insight-jurisdiction?post=7273"},{"taxonomy":"tech-insight-status","embeddable":true,"href":"https:\/\/haavind.stage01.dekodes.no\/techinsight\/wp-json\/wp\/v2\/tech-insight-status?post=7273"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}