What is the NIS2 Directive?
The European Union has introduced a significant piece of legislation known as the Network and Information Security Directive (NIS2 Directive), aimed at strengthening the cybersecurity defenses of essential and important entities across various sectors. This new law will become enforceable on October 18, 2024, with specific deadlines for compliance reporting by April 2025, and an earlier deadline of January 17, 2025, for those in digital infrastructure.
Who does the NIS2 Directive apply to?
NIS2 applies to essential and important entities that have:
- Over 50 employees
- An annual turnover exceeding €10 million
Essential entities are those in the energy, transport, banking, financial market infrastructure, health sectors and drinking water supply and distribution, digital infrastructure, and telecoms and cloud providers.
Important entities are social media and other digital providers, and businesses involved in research; food production; manufacturing; machinery and equipment; transport equipment; postal and courier services; waste management; and the manufacture/production/distribution of chemicals.
What are the implications for your business?
If this new law applies to your business, you will be required to:
- Conduct thorough risk assessments
- Implement robust security protocols
- Ensure the security of your supply chain
- Report any security incidents
What are the consequences if you do not comply with this new law?
Non-compliance with the NIS2 Directive can result in severe penalties, including fines up to 2 percent of your global annual turnover or €20 million – whichever is higher. Additionally, there is potential for personal liability for senior management and possible restrictions on your ability to provide services. Ensuring compliance not only meets legal requirements but also strengthens your defenses against potential cyber threats.
How Reed Smith can help
We will guide you through the complexities of the NIS2 Directive by (i) evaluating how the Directive affects your business and (ii) helping to ensure that you are compliant with the Directive’s various obligations.
What does this mean in practice?
We will provide both legal advice and practical business-focused support to ensure your full compliance, giving you peace of mind and thereby helping to safeguard your business reputation.
With our industry-specific experience, we will work with you in terms that are familiar to you, your business and your industry:
- Updating due diligence. Ensuring your service providers meet the new NIS2 Directive standards
- Revising cybersecurity policies. Enhancing and improving your policies, including incident response and crisis management protocols
- Documentation compliance. Clarifying how the NIS2 Directive applies to your services and aiding in timely communication with regulators
- Reviewing contracts. Amending any existing agreements with service providers to comply with new regulations
- Strategic AI advice. Leveraging artificial intelligence to improve decision-making and managing risks effectively.
Why Reed Smith?
Our team comprises cybersecurity and data protection and industry professionals who will provide bespoke advice. We aim to demystify the technical aspects of the law and to communicate it to you in terms that resonate with your business and industry.
We will help to protect your business.
As both experience lawyers and savvy business advisers, our comprehensive one-stop shop service includes:
- Comprehensive evaluation of NIS2 impact. At Reed Smith, we understand that the NIS2 Directive introduces complex requirements that can significantly impact your business operations. Our team of cybersecurity and data protection professionals is dedicated to helping you navigate these complexities through a thorough and tailored assessment process.
- Tailored risk assessments. We begin by conducting detailed risk assessments to identify how the NIS2 Directive specifically affects your business. This involves evaluating your current cybersecurity measures, identifying potential vulnerabilities and understanding the unique risks associated with your industry and operations.
- Sector-specific analysis. Given that the NIS2 Directive applies to a wide range of sectors – including energy, transport, banking, health, digital infrastructure, and more – our approach is highly customized. We leverage our deep industry knowledge to provide insights that are relevant to your company’s specific sector, ensuring that our advice is both practical and actionable.
- Supply chain security. An essential component of the NIS2 Directive is ensuring the security of your supply chain. We help you assess the cybersecurity practices of your suppliers and partners, identifying any weak links that could pose a risk to your business. This comprehensive evaluation helps you implement robust security protocols across your entire supply chain.
- Incident reporting and response. Understanding the requirements for incident reporting and response is crucial for compliance with the NIS2 Directive. We assist you in developing and refining your incident response plans, ensuring that you are prepared to report and respond to security incidents promptly and effectively. This proactive approach helps to mitigate potential damages and demonstrates your commitment to compliance.
- Legal and practical guidance. Our evaluation process is not just about identifying risks; it’s also about providing practical solutions. We offer both legal advice and business-focused support to help you implement the necessary changes. This includes updating your policies, modernizing contracts and integrating artificial intelligence to enhance decision-making and risk management.
- Strategic advice and continuous support. Reed Smith’s support doesn’t end with the initial assessment or proposed solutions. We provide ongoing strategic advice to help you stay compliant as regulations evolve. Our team is always available to assist with new challenges or questions that arise, ensuring that your business remains secure and compliant in the long term.
Contact us
Partner with Reed Smith to navigate the complexities of the NIS2 Directive. Our dedicated team is here to provide all the legal and practical support you need to ensure compliance and protect your business.
