Major impact of new NIS2 cybersecurity directive

What is NIS2?

NIS stands for Network and Information Security Directive. NIS2 Directive was adopted by the European Union in late 2022, as a follow-up to NIS1 Directive. NIS2 directive will be translated in Belgium into the "NIS2 law" (law of April 26, 2024 establishing a framework for the cyber security of network and information systems of general interest for public security), which will replace the current "NIS-1 law" (law of April 7, 2019 establishing a framework for the security of network and information systems of general interest for public security). The NIS2 law is to take effect in October 2024. 

The new NIS2 law will apply to more sectors and more organizations than the NIS1 law. It covers organizations in two categories - essential and important for Belgium - for example in the health care, drinking water, waste water, postal and courier services, digital infrastructure, ICT services, energy, banking, Financial Market Infrastructure, transport, etc... Depending on the sector, the size of the organization and the specific activities, the NIS2 law applies. 

What should you consider as an organization?

Organizations covered by the new legislation will face registration, care and notification requirements. For example, they must start registering themselves as NIS2 entities. The duty of care means that organizations must conduct a risk analysis on the security of their network and information systems and take measures to manage those risks. Regular testing is also required. Risk management also relates to cooperation with third parties. The reporting requirement means that impactful incidents must be shared with the Center for Cybersecurity Belgium (CCB). Relevant organizations must also have their incident handling processes in place. 

Enforcement on NIS2

NIS2 entities will come under the supervision of the Center for Cybersecurity Belgium (CCB), as well as sectoral authorities, which proactively monitors key organizations and checks key organizations on suspicion. Failure to comply with the new legislation could expose organizations to high fines of up to 1.4% or 2% of global turnover. 

An expert partner helps manage risk

Crucial organizations, to which NIS2 applies, need expert partners to keep their information and network systems cyber-secure and meet regulatory obligations. As a provider of digital infrastructure for critical sectors, we have extensive knowledge about secure and reliable data traffic. This allows us to advise our clients on the measures needed to manage risk. 

With its own high-quality fiber-optic network, Eurofiber guarantees reliable and secure data transport

We have our processes firmly in place. We work exclusively with regular certified contractors for the construction and maintenance of our fiber optic connections. Our Network Monitor Center (NMC), with its own in-house specialists, monitors the entire network 24/7, 365 days a year, to prevent or quickly resolve any disruptions. We provide your own, redundant fiber optic connection with a minimum uptime guarantee of 99.9%. Plus, we have 6 data centers in the Netherlands, so you know exactly where your data is. In everything we do, we provide high-quality support.

Eurofiber is proven to be well in control:

• ISO 9001 certification for quality
• ISO 27001 certification for information security
• ISO 14001 certification for environmental management.
• ISAE 3402 type II audit opinion.