Scope of the Regulatory Essentials
Applicable legislation:
NIS-2-Directive (EU) 2022/2555
Publication in OJEU on 27.12.2022.
Brief description of NIS-2 Directive (EU) 2022/2555
Scope:
- significantly expanded compared to NIS.
- companies that employ more than 50 people AND
- have an annual turnover or an annual balance sheet of more than EUR 10 million AND
- belong to a critical or most important sector.
- covered sectors are being massively expanded.
- the critical health sector will include, for example, healthcare providers and in particular laboratories, medical research and pharmaceuticals, and manufacturers of medical devices.
- the critical “digital infrastructure” sector will be significantly expanded and will in future also include, in particular, cloud providers, data centers and content delivery networks.
- important sectors will include the entire industrial sector and in particular manufacturers of medical devices and computers, but also the mechanical engineering and mobility sectors.
Obligations:
- the NIS 2 Directive provides for various risk management measures and reporting obligations for companies,
- in particular the creation of risk analysis and security concepts for information systems, the management of incidents, the disclosure of vulnerabilities and ensuring security in the supply chain.
- two-step approach is envisaged for reporting.
- after becoming aware of an incident, companies have 24 hours to submit a preliminary report, followed by a final report no later than one month later.
Entities & Sectors:
- under NIS 2, more entities and sectors will have to take measures to protect themselves:
- “Essential sectors” such as the energy, transport, banking, health, digital infrastructure, public administration and space sectors will be covered by the new security provisions.
- “Important sectors” (NEW), such as postal services, waste management, chemicals, food, manufacturing of medical devices, electronics, machinery, motor vehicles and digital providers, also fall under NIS 2. All medium-sized and large companies in selected sectors would fall under the legislation.