Heimdal

Comply with the EU's NIS 2 Directive with Heimdal®

Heimdal helps organizations get in line with the European Commission’s NIS 2 Directive, empowering them to prepare for and respond to cyber-risks and incidents. Implement fully compliant security controls with comprehensive asset, access, and vulnerability management, as well as a team of trained security experts that are always ready to lend a helping hand.

What is the NIS 2 Directive?

The European Commission’s NIS 2 Directive is a set of cybersecurity measures and recommendations that are meant to further enhance proactive protection and incident response strategies among relevant authorities, as well as public and private entities. It was designed as a replacement for the original NIS Directive, which failed to adapt in the face of the COVID-19 pandemic and its reshaping of the way society interacts with the digital world.

The NIS 2 Directive is aligned with the European Commission’s efforts to protect Europe in the digital age and ensure that its economy is future-proof. It was adopted by the European Parliament on November 10th, 2022, with the Council following suit on November 28th, 2022, effectively starting the repealing process of the previous NIS Directive.

Who is the NIS 2 Directive for?

The NIS 2 Directive applies to entities that operate in the private and public sectors within the European Union. This includes, but is not limited to, the health, energy, transport, and digital infrastructure sectors.

The European Union is currently comprised of 27 European countries: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, and Sweden.

The NIS 2 Directive applies to all these territories, and should be implemented by all entities that reside and operate within them according to the following timeline:

July 17th, 2024

The NIS 2 Directive applies to entities that operate in the private and public sectors within the European Union. This includes, but is not limited to, the health, energy, transport, and digital infrastructure sectors.

October 17th, 2024

By this date, the European Commission will lay down the technical and methodological requirements for each cybersecurity area covered by the NIS 2 Directive. Every Member State of the European Union must adopt and publish its measures to comply with it.

October 18th, 2024

Member States must apply their measures starting with this date. On this date, the previous NIS Directive will also be effectively repealed.

January 17th, 2025

On this date, the NIS Cooperation Group will establish a framework for peer reviews carried out by cybersecurity experts appointed by Member States. These will analyze the efforts made by each country towards compliance and find ways to strengthen and enhance them.

April 17th, 2025

All Member States will submit a list of essential entities, as well as entities that provide domain name registration services. This list will be updated every two years.

October 17th, 2025

Starting with this date and every 36 months thereafter, the European Commission will review the efficiency of the NIS 2 Directive and report back to the Parliament and Council.

According to Article 20 of the NIS 2 Directive, the responsibility for implementing and upholding these measures falls on the management bodies of the entities listed as essential by each Member State.

Relevant Teams

Compliance

SecOps

IT

NIS 2 Directive Goals & Components

The NIS 2 Directive’s main goal is to empower entities from the EU’s Member States to prepare for and respond to cybersecurity incidents in a manner that is in tune with the current digital landscape. To achieve this, it covers areas such as:

Incident handling

Asset and vulnerability management

Access control

Risk analysis and management policies

Supply chain security

MFA and encryption

Disaster recovery and backup

Heimdal®’s Coverage of the NIS 2 Directive

Controls

Protected by Heimdal

Internal Company Policy Out of Scope
Incident handling check
Crisis management check
Vulnerability management check
Access control policies check
Asset management check
Cyber-hygiene practices check
Risk analysis policies check
Information security policies check
Risk management assessment policies check
Backup management check
Supply chain security check
Cryptography and encryption check
MFA/continuous authentication check

Staying NIS-compliant with Heimdal®

GET A HEAD START ON CYBERSECURITY MEASURES

Heimdal’s cybersecurity solutions can help you cover vital areas for your company’s NIS 2 compliance.

Further your team's cybersecurity training