NIS2 – stricter cybersecurity requirements

The NIS directive went into effect in August 2016 with the aim of creating an overall higher level of cybersecurity in the EU. The political agreement on NIS2 was formally adopted by the Parliament and then the Council in November 2022. The directive includes a new set of cybersecurity obligations for organizations across many sectors.

On March 10, Swedsoft invites you to a digital seminar on the theme of NIS2 with Tommy Forsell of the Ministry of Defense.

The original NIS directive applied to organizations in seven sectors. The new NIS2 directive adds eight more: providers of public electronic communications networks or services, wastewater and waste management, manufacturing of certain critical products, food, digital services, space, postal and courier services, and public administration.

Big differences

NIS2 requires more organizations to comply with stricter cybersecurity requirements. Compared to its predecessor, NIS2 places high demands on governing bodies such as company boards. According to Article 20, “members of the management bodies of essential and important entities” must undergo training, and member states must encourage significant entities to regularly offer similar training to their employees, so that they acquire sufficient knowledge and skills to be able to identify cybersecurity risks.

The required cybersecurity risk-management measures shall include “at least” the following:

  • policies on risk analysis and information system security;
  • incident handling;
  • business continuity, such as backup management and disaster recovery, and crisis management;
  • supply chain security, including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers;
  • security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure;
  • policies and procedures to assess the effectiveness of cybersecurity risk-management measures;
  • basic cyber hygiene practices and cybersecurity training;
  • policies and procedures regarding the use of cryptography and, where appropriate, encryption;
  • human resources security, access control policies and asset management;
  • the use of multi-factor authentication or continuous authentication solutions, secured voice, video and text communications and secured emergency communication systems within the entity, where appropriate.

Read about NIS2 here.

