NIS2 requirements

Oct 28, 2024

DEKRA: the authority on NIS2 requirements

Cyberattacks in 2024 have become a daily occurrence, and their impact on organizations can be devastating. To address these challenges, the EU has designed the new cyber legislation NIS2. As a cybersecurity expert, DEKRA also offers certifications that are part of demonstrating compliance with NIS2 requirements. These include parts of ISO 27001 and IEC 62443 combined with additional documentation. In this blog, we discuss why DEKRA is the authority in NIS2 compliance and how we help organizations ensure their cybersecurity.

What is NIS2?

NIS2 (Network and Information Systems Directive) is European cyber legislation and the successor to the original NIS legislation, which was introduced in 2016. This legislation focuses on raising the security level of network and information systems within the EU, particularly for companies providing essential services such as energy, transport, and healthcare. NIS2 extends the scope to other sectors, such as the food industry, financial sector, and public services. In the Netherlands, the NIS2 directive comes into effect in July 2025. The European implementation date for the NIS2 directive and its requirements is also set for July 1, 2025. The following sectors fall under NIS2:
  • Manufacturing
  • Energy
  • Transport
  • Banking
  • Financial market infrastructure
  • Healthcare
  • Drinking water
  • Digital infrastructure
  • ICT service providers
  • Wastewater
  • Public administration
  • Local authorities
  • Space
  • Digital service providers
  • Postal and courier services
  • Waste management
  • Food industry
  • Chemical substances
  • Research
An important aspect of NIS2 is the emphasis on the responsibility of organizations to map and address cybersecurity risks within their supply chain. This means that companies must not only secure their own systems but also those of their partners and suppliers, encompassing the entire chain. The ultimate goal is to create a more resilient digital ecosystem, significantly reducing the risk of disruptions due to cyberattacks.

DEKRA’s expertise in cybersecurity

DEKRA has positioned itself as a leading expert in the field of cybersecurity. Drawing on the in-depth knowledge and extensive experience of our experts, DEKRA offers a wide range of services to support organizations in complying with the NIS2 requirements. Here are some of the reasons why DEKRA is considered the authority in this field:
DEKRA offers a broad range of cybersecurity services, including assessments, audits, and certifications like ISO 27001 and IEC 62443. These services are designed to help organizations identify vulnerabilities, implement effective security measures, and ensure continuous compliance with regulations such as NIS2.

NIS2 requirements vary per organization. Sometimes, ISO 27001 plus additional documentation is sufficient, while other companies need to comply with parts of ISO 27001 and IEC 62443, along with extra documentation. Compliance with these standards is not mandatory but highly beneficial.

More information about DEKRA's cybersecurity services can be found on our cybersecurity page.

How DEKRA assists organizations with NIS2 requirements

Complying with the NIS2 requirements can be a challenging process, but DEKRA offers a structured approach to guide organizations through it. Here are some steps DEKRA takes to help organizations achieve NIS2 compliance:
1. Risk analysis: DEKRA starts with a comprehensive risk and gap analysis to evaluate the current state of affairs. This includes identifying potential weaknesses and assessing the effectiveness of existing security measures.
2. Implementation of security measures: Based on the findings from the analyses, DEKRA helps organizations implement the necessary security measures. This can range from policy adjustments to personnel training.
3. Continuous monitoring and evaluation: NIS2 compliance requires continuous monitoring and evaluation of security measures. DEKRA offers services for regular audits and assessments to ensure that organizations remain compliant with the NIS2 requirements and can quickly respond to new threats.
4. Incident response and recovery: In the event of a security incident, a swift and effective response is crucial. DEKRA helps organizations develop and evaluate incident response plans and recovery strategies to minimize the impact of incidents and quickly return to operational status.

Contact us for more information

NIS2 compliance is a complex and ongoing process that requires organizations to continuously evaluate and improve their security measures. DEKRA's extensive expertise, in-depth knowledge of regulations and standards, and years of experience in cybersecurity make us the authority on NIS2 compliance. By partnering with DEKRA, organizations can not only comply with the NIS2 requirements but also enhance their overall cybersecurity and be better prepared for the challenges of the digital future.

For more information on how DEKRA can assist your organization with NIS2 compliance, feel free to contact one of our experts.