NIS2 – stricter cybersecurity requirements

The NIS directive went into effect in August 2016 with the aim to create an overall higher level of cybersecurity in the EU. The political agreement of NIS2 was formally adopted by the Parliament and then the Council in November 2022. The directive includes a new set of cybersecurity obligations for organizations across many sectors.

On March 10, Swedsoft invites you to a digital seminar with Tommy Forsell, Ministry of Defense on the theme NIS2.

The original NIS directive applied to organizations in seven sectors, the new NIS2 directive adds eight extra: providers of public electronic communications networks or services, Wastewater and waste management, manufacturing of certain critical products, food, digital services, space, postal and courier services as well as public administration.

Big differences

The NIS2 require that more organizations comply with stricter cybersecurity requirements. Compared to its predecessor, NIS2 places high demands on the governing bodies such as the company boards. According to Article 20, “members of the management bodies of essential and important entities” must undergo training and member states must encourage significant entities to regularly offer similar training to their employees, so that they acquire sufficient knowledge and skills to be able to identify cybersecurity risks.

The measures shall include “at least” the following:

  • policies on risk analysis and information system security;
  • incident handling;
  • business continuity, such as backup management and disaster recovery, and crisis management;
  • supply chain security, including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers;
  • security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure;
  • policies and procedures to assess the effectiveness of cybersecurity risk-management measures;
  • basic cyber hygiene practices and cybersecurity training;
  • policies and procedures regarding the use of cryptography and, where appropriate, encryption;
  • human resources security, access control policies and asset management;
  • the use of multi-factor authentication or continuous authentication solutions, secured voice, video and text communications and secured emergency communication systems within the entity, where appropriate.

Read about NIS2 here.


News


Webinar series on Labor immigration

Labor immigration, extended work permits and shortened lead times have long been important issues for Swedsoft’s members. Swedsoft has worked

NIS2 – stricter cybersecurity requirements

On March 10, Swedsoft invites you to a digital seminar with Tommy Forsell, Ministry of Defense on the theme NIS2.

Open for the climate

On their website you can find a large number of courses in, among other things, computer science, circular economy, battery

Christmas greetings from Swedsoft

This is summary of the Swedish article In January we kicked off the spring with the workshop Gathering of Software Sweden