Against a backdrop of growing and sophisticated digital threats, the European Union has taken a firm step towards strengthening its regulatory framework with the adoption of Directive (EU) 2022/2555, commonly known as NIS2. This regulation, which replaces the original NIS Directive, raises cybersecurity requirements for operators of essential services and key businesses in strategic sectors.
The evolution of NIS towards NIS2: a strategic necessity
The original NIS Directive was the first major European regulatory effort to establish a common cybersecurity framework for Member States. However, the acceleration of the digital transformation and the increase in the complexity and frequency of cyber-attacks highlighted the need for a thorough update.
NIS2, adopted in January 2023, significantly broadens the scope of application compared to its predecessor. Not only are more sectors included, but the obligations for risk assessment, incident reporting and monitoring by national authorities are also tightened.
Key requirements of NIS2
The most relevant aspects introduced by NIS2 include:
- Strengthened cybersecurity obligations, including risk management policies, vulnerability analysis, technical and organisational measures to prevent incidents, and business continuity plans.
- Senior management liability, which means that managers can be held liable in case of non-compliance.
- Tight notification deadlines, with an initial alert within 24 hours of detecting a relevant incident.
- Supply chain: this regulation applies not only to critical and important sectors, but also to their entire supply chain.
- Significant penalties, which can be up to 2% of the organisation's global turnover or 10 million euros for critical entities. For significant entities, these penalties can amount to 1.4% of turnover or 7 million euros in case of non-compliance with the standard.
Real compliance beyond the paper
Adapting to NIS2 is not just about implementing policies or appointing cybersecurity officers. It requires robust infrastructures, auditable systems and technologically reliable solutions.
In this context, relying on providers that already operate under high security standards is key. DORLET, a company specialising in comprehensive security systems, is not only prepared for NIS2 requirements, but also offers solutions backed by benchmark certifications, such as:
- Grade 4 in Intrusion (EN-50131) and Access Control (EN-60839): Certifications that guarantee maximum security in high-risk environments, such as critical infrastructures.
- National Security Scheme (ENS) at medium level: Certification that applies to the entire public sector and its suppliers to guarantee a common framework of basic principles, requirements and security measures for adequate protection of the information processed and the services provided.
- ANSSI CSPN certification: Recognition granted by the French National Agency for Information Systems Security, which validates the robustness and reliability of the DORLET Physical Access Control V1.1 solution in cybersecurity.
These certifications guarantee that DORLET systems meet demanding technical and functional criteria against attacks. Therefore, they facilitate compliance not only with the NIS2 directive, but also with other frameworks such as the forthcoming CER (Cybersecurity Emergency Response).
Compliance with NIS2 starts with choosing certified systems
NIS2 is an opportunity to strengthen digital resilience in Europe, but it also represents a technical and organisational challenge. Companies operating in strategic sectors must act quickly and judiciously, choosing solutions that do not merely promise a level of security, but demonstrate it with certifications.
Want to know more about NIS2? Contact us by sending an email to online@dorlet.com or calling 945 29 87 90 and we will be happy to talk to you and answer your questions.