NIS2
October 17, 2024 marks a turning point in cybersecurity regulation in the European Union. It is the deadline for member states to transpose the NIS2 Directive (Directive (EU) 2022/2555) into national law, after which organizations in scope, both public and private, are obliged to strengthen their cybersecurity programmes.
What is NIS2?
The NIS2 Directive, the successor to the original Network and Information Systems (NIS) Security Directive, is a key piece of EU legislation for strengthening cybersecurity and protecting critical infrastructure across the European Union (EU). The new directive addresses the shortcomings of its predecessor and expands its scope, tightening incident-reporting obligations and improving organizations' crisis-management capabilities.
NIS2 establishes the cybersecurity requirements to be met by EU member states, based on the previous Directive 2016/1148 (NIS1) on security in networks and information systems. It also repeals Directive 2016/1148 and amends Regulation 910/2014 on electronic identification and trust services for electronic transactions in the internal market.
To understand the importance of NIS2, it helps to consider the current European digital landscape: a very extensive and complex digital infrastructure that is present in every facet of life, commerce and public welfare. This infrastructure and its interconnectedness drive efficiency, growth and technological progress, but the same interconnectedness creates new cyber threats and vulnerabilities against which we must protect ourselves.
What are the objectives of NIS2?
The main objectives of NIS2 are to strengthen cybersecurity in the European Union, ensuring that organizations take effective measures to protect critical infrastructures and essential services. It is also focused on improving the way in which the European Union prevents, manages and responds to cybersecurity incidents, through proper planning.
The directive also seeks to improve cooperation between member states, facilitating the exchange of information for better management of cybersecurity threats and incidents. In addition, NIS2 broadens its scope to include more sectors and industries, both public and private, in order to increase resilience to cyber-attacks. It also establishes a clear framework of penalties to incentivize compliance and ensure a consistent level of security across Europe.
Which companies are affected by NIS2?
The NIS2 Directive applies to public and private entities in a total of 18 sectors, broadening the range of organizations required to comply and bringing in organizations that were not previously regulated. These sectors are divided into two groups: sectors of high criticality (Annex I of the directive) and other critical sectors (Annex II):
Sectors of high criticality
- Energy
- Transport
- Banking
- Financial market infrastructures
- Health
- Drinking water
- Wastewater
- Digital infrastructure
- ICT service management (business-to-business)
- Public administration
- Space
Other critical sectors
- Postal and courier services
- Waste management
- Manufacture, production and distribution of chemicals
- Production, processing and distribution of food
- Manufacturing
- Digital providers
- Research
What are the possible sanctions of NIS2?
Organizations can face significant financial penalties if they fail to comply with their NIS2 obligations. The amount varies depending on the severity of the infringement, the degree of negligence, the size and resources of the organization, and even its history of previous infringements of the same kind.
Administrative fines
Member states must set the maximum level of fines high enough to act as a deterrent. NIS2 requires that fines be "effective, proportionate and dissuasive".
For essential entities, fines may be up to a maximum of:
- 10 million euros
- 2% of the total worldwide annual turnover of the undertaking concerned
The fine to be imposed is the greater of these two amounts. For important entities the corresponding ceilings are 7 million euros or 1.4% of total worldwide annual turnover, again whichever is higher.
Penalties for management
NIS2 introduces sanctions that can be directed not only at the company as such, but also at the managers and decision-makers who fail to take appropriate action. Management bodies must approve the organization's cybersecurity risk-management measures and oversee their implementation, and can be held liable for infringements; for essential entities, the authorities may even temporarily prohibit individuals at CEO or legal-representative level from exercising managerial functions until the non-compliance is remedied.
Inspections and corrective actions
The national authorities designated to supervise compliance with NIS2 have the power to carry out inspections and audits of companies and organizations.
If they detect non-compliance, they can order corrective measures and sanction those who fail to implement them properly or within the stated timeframe.
Penalties for failure to report incidents
NIS2 establishes strict incident-reporting obligations. Any significant incident affecting your networks and information systems must be reported to the competent authority or CSIRT within the established deadlines: an early warning within 24 hours of becoming aware of the incident, an incident notification within 72 hours, and a final report within one month. Failure to meet these reporting obligations is itself sanctionable, independently of any penalty for the underlying security failure.