What is NIS2?
Directive (EU) 2022/2555, known as NIS2, is the evolution of the network and information security framework in the European Union. It establishes security, incident notification and risk management requirements for organizations in critical sectors and essential services, as well as for digital service providers.
Unlike its predecessor (NIS1), NIS2 expands the scope to more sectors, strengthens technical and organizational requirements, and introduces new governance and risk management obligations. Compliance is mandatory for all organizations within its scope.
NIS2 Scope
NIS2 affects:
- Critical entities: Operators of essential services (energy, transport, water, health, finance, etc.)
- Important entities: Organizations in additional sectors with critical operations (manufacturing, food, waste, telecommunications, etc.)
- Digital service providers: Online platforms, cloud services, search engines with significant effects in the EU
Alignment with ISO 27001 and ENS
At Binaura we understand that NIS2 is not an isolated standard, but a regulatory framework that aligns with and complements existing standards:
- ISO 27001: NIS2 reinforces the technical and organizational controls that ISO 27001 establishes. ISO 27001 implementation provides a solid foundation for NIS2 compliance.
- ENS (National Security Scheme): In Spain, NIS2 and ENS converge in similar requirements. Both require risk analysis, technical controls, incident management and business continuity.
- GDPR: NIS2 complements GDPR in aspects of personal data security, especially in breach notification.
NIS2 Key Requirements
- Risk analysis and management: Identify, assess and continuously mitigate security risks
- Technical and organizational measures: Implement security controls, encryption, multi-factor authentication, network segmentation
- Governance: Designate those responsible for security and establish policies and procedures
- Incident notification: Report significant incidents to competent authorities within 24 hours
- Business continuity: Business continuity and disaster recovery plans
- Supply chain: Risk management in suppliers and subcontractors
- Internal and external audits: Periodic compliance assessments
- Training and awareness: Staff trained in information security
Our NIS2 Services
- Scope assessment: determination of whether your organization is a critical or important entity
- GAP analysis against NIS2 requirements
- Design and implementation of technical and organizational measures
- Development of security policies and procedures
- Incident response plan and notification to authorities
- Assessment and risk management in the supply chain
- Implementation of business continuity
- Internal audits of NIS2 compliance
- Training and awareness of personnel in security
- CISO as a Service for continuous governance and oversight
Implementation Timeline
- 2024: Deadline for transposition into national legislation (some countries have already done so)
- 2025: Entry into force and application to critical entities
- 2026: Application to important entities and digital service providers
Why Choose Binaura for NIS2?
- Experience in ISO 27001, ENS and information security regulatory frameworks
- Integrated approach: NIS2 is not isolated; we link it with your existing standards
- Team certified in audit, risk management and information security
- We adapt implementation to your specific context and sector
- Follow-up and continuous improvement beyond initial implementation
Certified Team
Our consultants have the most recognized certifications in the industry: