The NIS 2 Directive (EU) has been in effect since 16 January 2023 and is the successor to the NIS 1 Directive, transposed in Belgium by the NIS 1 Act of 7 April 2019.
In response to increased cyber threats, NIS 2 strengthens the cybersecurity measures to be taken and expands the scope to new sectors, including transport, health, digital infrastructure, ICT service management, postal and courier services, chemicals, food and digital providers, among others.
Not only large but also medium-sized enterprises operating in the sectors listed in the Annexes of NIS 2 can be in scope. If your company has more than 50 employees or an annual turnover of over 10 million EUR, NIS 2 may apply to your business.
The legally required measures aim to protect network and information systems from incidents. These measures include, among others, risk analysis, incident handling, business continuity, policies and procedures, MFA and cybersecurity training. Essential and important entities must report any significant incident without delay to the competent authorities (in Belgium: the CCB).
Non-compliance can be penalized with administrative fines up to 10.000.000 EUR or at least 2% of the total annual worldwide turnover.
Belgium must transpose NIS 2 into national legislation by 17 October 2024.
Want to know if NIS 2 applies to your business and how you need to comply? Contact Nuans.