Compliance NIS2: what do businesses need to know?

Eliminate security gaps by consolidating your management and security with an acknowledged leader in device management, encrypted access, endpoint security and compliance management.
Why Jamf for NIS2 compliance?

Use these resources to build your plan

Security 360: Annual Trends Report

Each year, Jamf Threat Labs analyzes the threats impacting devices used in the modern workplace.

Discover evolving trends in endpoint compliance, data security and user privacy.

As the workforce continues to be distributed, learn how to evolve to meet the requirements of endpoint compliance while ensuring data security and user privacy.

NIS2 Goals

What is the NIS2 Directive?

This EU-wide legislation provides legal measures to boost the overall level of cybersecurity in the EU.

The Network and Information Security directive, commonly known as NIS, sets out the minimum security measures that providers of digital and essential services have to adhere to. The number of sectors covered is increasing to 35, to reflect new sectors crucial for the economy and society.

It aims to reduce inconsistencies across sectors, improve preparation and response capabilities, and set rules and procedures in the event of a large-scale crisis.

Affected industries

Essential sectors

Energy, space and transportation; banking, finance and public administration; healthcare and water supply/waste; digital infrastructure and B2B ICT service management.

Important sectors

Postal and courier services; waste management; chemical manufacture and distribution; food production and distribution; manufacturing, research and digital providers.

Key NIS2 requirements

Affected organizations must implement policies on:

Cyber strategy/governance, including:

  • Information security management
  • Cyber risk management and compliance awareness and training

Detection and response

  • Incident handling and reporting
  • Business continuity and crisis management

Infrastructure and application security

  • Infrastructure/network security
  • Secure development practices
  • Identity and access control
  • Third-party risk management

Related blog posts:

  • EU ramps up its cybersecurity efforts with NIS 2
  • NIS2 Directive: What does it mean to security teams?

NIS2 FAQ

I'm already ISO 27001 compliant. Does that mean I'm NIS2 compliant from the get-go?

While ISO 27001 compliance demonstrates a strong commitment to information security management, it does not automatically ensure NIS2 compliance. NIS2 has specific requirements, particularly in areas such as incident reporting and risk management, that go beyond ISO 27001. Entities will need to assess their practices against NIS2's requirements to ensure full compliance. However, your ISO 27001 certification can provide a solid foundation for meeting some of the NIS2 requirements.

What steps should my organization take to comply with NIS2?

Organizations should start by conducting a gap analysis to identify areas where their current cybersecurity practices do not meet NIS2 requirements. Following this, they should implement necessary measures to address these gaps, which may include updating incident response plans, enhancing security measures, and ensuring timely incident reporting. Continuous monitoring and periodic reviews of compliance status are also crucial.

How does NIS2 impact incident reporting?

NIS2 mandates entities to report significant cyber incidents to the relevant national authority within a specific timeframe, which is typically much shorter than under the original directive. It emphasises the importance of timely reporting to ensure that appropriate measures can be taken to mitigate the impact of incidents.

Are there penalties for non-compliance with NIS2?

Yes, NIS2 introduces stricter penalties for non-compliance, which can include substantial fines. The exact penalties can vary depending on national implementation laws, but they are designed to be dissuasive and reflect the severity of non-compliance.

How does NIS2 relate to other EU regulations like GDPR?

NIS2 and GDPR complement each other, with GDPR focusing on the protection of personal data and NIS2 on ensuring a high level of cybersecurity. Organizations subject to both regulations must ensure they manage data securely and report any security incidents that could impact the confidentiality, availability, and integrity of personal data.

Where can I find more resources on NIS2 compliance?

The European Union Agency for Cybersecurity (ENISA) provides guidance and resources for NIS2 compliance. Additionally, national cybersecurity authorities in EU member states offer specific guidance and support for entities within their jurisdiction.

Can compliance with NIS2 offer competitive advantages?

Yes, demonstrating compliance with NIS2 can be seen as a mark of cybersecurity maturity and reliability, potentially offering a competitive advantage by increasing trust among customers and partners regarding your organization's commitment to cybersecurity.