NIS2 (Network and Information Security) is a European directive that aims to increase the digital and physical resilience of member states and critical organizations. In contrast to its predecessor, NIS2 has a significantly broader scope and introduces stricter requirements in three core areas:
- Duty of Care: Organizations must take appropriate technical and organizational measures to manage risks and prevent incidents.
- Administrative Liability: The board is directly responsible for compliance and can be held personally liable in the event of serious negligence.
- Supply Chain Security: Companies are legally obliged to monitor and guarantee the security of their supply chain.

The directive compels organizations not only to have their own security in order, but also to take a critical look at the security of the partners and suppliers with whom they work.