In 2023, the European Union introduced a new directive on cybersecurity, known as NIS2. The previous version, NIS1, was criticised for its insufficient focus on security mechanisms and for not covering all entities, which posed significant cybersecurity risks.

NIS2 brings a number of significant changes aimed at improving digital protection. The directive must be adopted by member states by 17 October, highlighting the urgent need to address growing cybersecurity challenges.

A key change is the introduction of two tiers of entities, covering not only those critical to the state, but also those of strategic importance. In addition, the scope of the directive has been significantly broadened by taking into account not only the sector but also the size of the entity. The number of types of entities covered by the Directive has increased from 30 to 67, and the number of sectors from 7 to 18, reflecting an ambitious approach to ensuring comprehensive protection.

One of the biggest challenges will be for organisations for which cybersecurity has not been a priority. Organisations will be automatically qualified and risk management will be given the highest priority. An important element of the Directive is also its coverage of the supply chain,  enhancing the integrity and security of the entire ecosystem.

NIS2 introduces new entities such as IT service and network providers, the pharmaceutical, medical and chemical industries, and public administration. It introduces a requirement for centralised incident reporting, with short deadlines for reporting and notification of incidents to ensure a rapid response and minimise the impact of attacks.

The European Union will oversee the implementation of the Directive and Member States will be required to monitor the facilities covered by the Directive. Failure to do so will result in severe penalties of up to €1.7 million or 1.4% of global annual turnover.

In the light of these changes, we at Intratel would like to emphasise our commitment to the security of our customers' data. We are able to carry out security audits and manage data to ensure its protection. Our solutions are optimised to comply with new regulations, so our customers can use our services with confidence, knowing that their data is in safe hands.