What Is NIS2?

Author: Josue Ledesma

GDPR to NIS2

GDPR was arguably the most impactful regulatory standard and it changed the way companies worked. It was an EU-led legislation but companies all over the globe realised the scope of the regulatory standard and decided that it made sense to follow GDPR regulations even if a company had minimal presence in the EU.

With GDPR, data privacy, security, protection, and rights were meant to be assured at the user and customer level. The regulation was designed to give users more control over, and transparency into, the data that companies collected about them. While only a few years have passed since the law came into force, it has shifted the landscape of how companies handle user data.

We believe that there’s a new compliance standard that may have just as large an impact as GDPR, yet the discussion around it has been minimal. It’s an EU-based compliance standard called the NIS2 Directive, and it covers a much wider scope of companies than the original NIS Directive did.

This is a new cybersecurity directive that aims to establish baseline requirements for incident reporting, cybersecurity risk management, and supply chain risk management, and that imposes heavy fines for non-compliance. Where GDPR sought to improve privacy and security standards at the user data level, NIS2 looks to improve privacy and security standards for companies and organizations as a whole.

While companies won’t need to comply with this new directive until Fall 2024, it’s important for them to prepare sooner rather than later, as compliance may require a significant undertaking depending on the cybersecurity controls and strategy a company currently has in place. By prioritizing NIS2 compliance now, companies can comfortably ensure they meet the deadline and won’t have to scramble as it approaches.

In this blog, Bitdefender will go over the most common questions that you might have about NIS2.