Guide to NIS2 – New cybersecurity rules

The European Union adopted the NIS2 Directive to raise the level of cybersecurity. This new directive expands the original NIS Directive from 2016 and introduces stricter obligations for companies operating within the EU or collaborating with European partners. The goal is to better protect networks, data, and digital services in an increasingly complex cyber environment.

What is NIS2?

The NIS2 Directive aims to increase the resilience and security of network and information systems by expanding the scope of sectors and entities required to implement cybersecurity measures and notify the competent authorities about incidents. The directive covers not only traditional infrastructure sectors but also companies that provide digital services, as well as organizations essential to the functioning of society and the economy.

Unlike the previous NIS Directive, which applied to a limited number of essential service operators, NIS2 covers a broader range of sectors including energy, transport, banking and finance, healthcare, digital services, public administration, and the manufacturing industry. This significantly increases the number of organizations that must be prepared to respond to cyber threats.

Organizations under NIS2 are required to:

  • Establish technical and organizational measures to protect network and information systems;

  • Have clear risk management procedures;

  • Report security incidents to the relevant authorities within 24 hours;

  • Establish cooperation and reporting mechanisms as set out by the EU.

Special emphasis is placed on management responsibility, meaning that company boards may be held accountable if appropriate measures are not implemented. In addition to technical capacities, an organizational culture that promotes security as a shared responsibility is essential.

Why is NIS2 important for companies in Serbia?

Although Serbia is not an EU member, the NIS2 Directive can have a significant impact on domestic companies, especially those working with EU partners or providing digital services within the European market. Monitoring how this regulation will be transposed into local laws is key for timely compliance.
Compliance with NIS2 standards not only enhances cybersecurity but also strengthens competitiveness and trust in the international market.

How can companies prepare for the NIS2 Directive?

  • Assess compliance and determine whether the company falls under NIS2;

  • Review and strengthen cybersecurity risk management strategies;

  • Align internal processes and implement security policies, procedures, and tools;

  • Involve employees, especially management, in cybersecurity training.

How to check compliance with the NIS2 Regulation?

Compliance checks can be carried out with INTERCERT DOO and TÜV AUSTRIA, as TÜV AUSTRIA is authorized by European bodies to perform conformity assessments under the NIS2 regulation.

NIS2 should not be viewed solely as a regulatory requirement but as an opportunity to enhance the company’s digital resilience. Early preparation not only reduces risks but also builds trust among partners and customers in a constantly evolving digital environment.
Investing in cybersecurity today means stability, competitiveness, and secure business operations in the future.

More information about the NIS2 Directive can be found at the following link.