Difference between NIS & NIS2
The NIS Directive, adopted in 2016, was the first EU-wide legislation on cybersecurity. Its main goal was to establish a common level of security for network and information systems across the European Union. The NIS2 Directive is an updated and more comprehensive version of the NIS Directive, aiming to address the shortcomings of the original legislation and to adapt to the evolving digital landscape. We’ve listed the most important differences between these two directives in a useful infographic.
Am I considered essential or important under NIS2?
Industries & Entities considered essential | Industries & Entities considered important |
---|---|
Energy | Digital providers |
Transport | Postal and courier services |
Banking | Waste management |
Financial market infrastructure | Food |
Healthcare | Chemicals |
Drinking water | Research |
Digital infrastructure | Manufacturing |
Managers of ICT services | |
Wastewater | |
Government services | |
Aerospace |
Essential entities:
- are large organisations operating in a sector listed in the left column above
Important entities:
- are medium-sized organisations operating in a sector listed in the left column above and medium and large organisations operating in an industry listed in the right colum above.
An organisation is large based on the following criteria:
- a minimum of 250 employees or;
- an annual turnover of €50 million or more and a balance sheet total of €43 million or more.
An organisation is medium-sized based on the following criteria:
- 50 or more employees or;
- an annual turnover and balance sheet total of €10 million or more.
SANS Survey: NIS2 Directive Readiness & Awareness
Take this survey to help us look into the preparedness and awareness of the new EU NIS2 Directive for organizations conducting business in Europe. The results of this research will help us provide better guidance to the industry on how to prepare for this new regulation.
Mapping your path using the ECSF and NIS2
The European Cybersecurity Skills Framework (ECSF) is a practical tool to support the identification and articulation of tasks, competencies, skills and knowledge associated with the roles of European cybersecurity professionals. To enable you to see which skills are required for these roles and what courses and exercises might help you obtain these skills, we have created an easy-to-use mapping tool for you to discover your potential next training opportunity.
Latest NIS2 News & Updates
How can SANS help prepare for NIS2?
More than just a training partner
SANS offers more than cybersecurity training. When partnering with us, we will work closely with you to develop training roadmap, assess your security posture and help define where your skills gaps lie. Ranging from risk assessments to advanced and specialized role-base training, we help you establish and strengthen you, your team and your organisations capabilities.
Secure Compliance Globally
NIS2 is just one of many recent regulations that will have global repercussions. The recent US SEC ruling on Incident Reporting and Management oversight and the DOD 8140.3 ruling, all have implications for organisations and government instances on a global level.
SANS has a variety of other resources related to these recent regulatory changes which you can find here.