NIS 2 – New requirements
31 July 2024 / News
The end of 2024 is not only marked by whistleblowers, but also by ‘Cyber Security’. We owe this to the NIS 2 directive and the DORA regulation. Today, a few words about NIS 2.
By 17 October 2024, Poland must implement the EU NIS 2 Directive, which is intended to ensure the resilience of entities important from a public interest perspective to cyber threats. This requires the implementation of appropriate procedures and training, including: risk analysis and IT system security, incident handling, business continuity, crisis management, supply chain security and others.
NIS 2 will cover a number of entities that have not yet been regulated under NIS 1. According to the draft amendments to the National Cyber Security System Act (UKSC), entities that should be particularly interested in NIS 2 include:
✔️ Energy
✔️ Transport
✔️ Banking
✔️ Infrastructure financial markets
✔️ Protection health
✔️ Supply drinking water and its distribution
✔️ Digital infrastructure
✔️ Wastewater
✔️ Management IT services
✔️ Public sector
✔️ Space
✔️ Postal and courier services
✔️ Waste management
✔️ production manufacturing and distribution of chemicals
✔️ Production food processing and distribution
✔️ Production
✔️ Providers of digital services
✔️ Scientific research
The list is long 😊. What’s more, the UKSC draft requires self-identification of entities that meet the criteria and registration in the relevant register.
The UKSC amendment, according to the draft, will come into force within one month of publication. This will not be sufficient time to fully implement the new obligations. Therefore, we are already proposing to audit and implement NIS 2 for our clients, based on the PN-EN ISO/IEC 27001, PN-EN ISO/IEC 22301 standards and market best practices. Once the legislation has been finalised, fine-tuning the procedures will be sufficient.
And you, are you ‘catching on’ to NIS2 and are you NIS-ready?
Need help with this topic?
Write to our expert
Articles in this category
STEP platform – a new era for AI in the European Union
STEP platform – a new era for AI in the European UnionObtaining a CASP licence – key information for crypto companies
Obtaining a CASP licence – key information for crypto companiesDeclassification of documents on the Kennedy assassination – sheds new light on historical events and the impact of technology on historical research
Declassification of documents on the Kennedy assassination – sheds new light on historical events and the impact of technology on historical researchTime change and labour law – impact on working hours and wages
Time change and labour law – impact on working hours and wagesDORA: Register of ICT Contract Information – the Polish Financial Supervision Authority will soon give the ‘I’m checking’ signal
DORA: Register of ICT Contract Information – the Polish Financial Supervision Authority will soon give the ‘I’m checking’ signal