As cyber threats grow, the NIS 1 Directive (Directive (EU) 2016/1148 on the security of network and information systems) sets out to raise the level of cybersecurity across EU member states by imposing security and incident-reporting obligations on certain organizations. Complying with it helps protect critical infrastructure and keep the wider digital environment safe.
The directive applies to two groups: operators of essential services (think water, transport, energy infrastructure) and digital service providers (online marketplaces, online search engines, and cloud computing services). Operators of essential services are identified by their member state, but digital service providers are expected to self-identify, i.e. work out for themselves whether the directive applies to them. And here's the truth: many online businesses have no idea whether they need to comply. Here's the deal:
If you provide any of these services: an online marketplace, an online search engine, or a cloud computing service (the three types of digital service the directive covers)
And you are not a micro or small enterprise, i.e. you meet either of these criteria: 50 or more staff, or an annual turnover and balance sheet total both above EUR 10 million (the directive exempts only micro and small enterprises as defined in Commission Recommendation 2003/361/EC)
You have to comply! But don't worry. We'll break down what this means in practice for you.
To comply, digital service providers must manage the risks to their network and information systems and be able to handle incidents. Here are the key areas to focus on:
Implement both physical and technical security measures appropriate to the risk (e.g. lock your offices, use a password manager, keep regular data backups)
Know what to do when a breach happens: contain the incident to minimize its impact, and notify the competent authority or national CSIRT of any incident with a substantial impact on your service
Have a business continuity and disaster recovery plan so your systems keep running, or can be restored quickly, after an unexpected event or a disaster that has already occurred
Run regular vulnerability scans to find weaknesses in your security controls
Perform penetration tests (simulated attacks) to verify that your systems hold up in practice
Align with recognized standards such as ISO/IEC 27001 or SOC 2; the directive does not mandate a specific one, but it expects your measures to take account of international standards and the state of the art
Want all the details? Check out the official website of ENISA, the European Union Agency for Cybersecurity.
Also, a revised version, the NIS 2 Directive, has already been adopted by the European Union; every member state must transpose it into national law, which is due to happen next year.
Non-compliance can mean hefty fines. The directive leaves penalties to each member state, requiring only that they be effective, proportionate and dissuasive; the UK's NIS Regulations 2018, for example, allow fines of up to £17 million. And importantly, each separate breach can be penalized, so a company can be fined more than once.
Feeling a bit lost in the NIS 1 Directive maze? No worries! Eldison Legal has your back. Reach out to us, and together we'll keep your network and information systems safe and sound.