Replacing the original NIS Directive with the NIS2 Directive aims to increase the level of cybersecurity in Europe in the longer term, which is a good thing. It does, however, bring certain challenges for organisations.
NIS2 extends the scope of the original NIS directive to more sectors and more entities. The sectors now include telecoms, social media platforms, public administrations, and specific elements in the health sector.
The entities now included in the NIS2 scope also go beyond just essential services organisations and digital service providers to cover online platforms. This means that social media sites, cloud service platforms, and search engines will now have to comply with stringent cybersecurity requirements.
Given this extended scope, companies will now need to assess whether they fall under the NIS2 directive and identify which of their business units are impacted.