The NIS-2 directive is the new Cyber Security regulation

Phishing attacks. Ransomware. Data breaches. Spoofing. Human errors resulting in exposure.
The NIS2 Directive is the result of – and the necessity for – this new cyber threat landscape.

SEE ALL PRODUCTS FOR SECURITY AND CRYPTOGRAPHY LIBRARIES FOR EMBEDDED SYSTEMS 

SEGGER's cryptographic and security libraries have been built from the ground up for embedded systems

PRODUCTS:

• emSecure - emSecure is a digital signature suite for embedded systems to protect vital products and assets, offering 100% protection against hacking. (...)
• emSSH - The emSSH Secure Shell software library is designed to provide secure logon to an embedded system. It shares the emCrypt cryptography library with emSSL, emSecure-RSA, and emSecure-ECDSA, which reduces ROM requirements. (...)
• emSSL - emSSL provides comprehensive support for the latest TLS protocols, offering advanced features without the constraints of open-source or attribution-required licenses. It can be seamlessly integrated into free, commercial, or proprietary products without the need to disclose the combined source code. (...)
• emCrypt - emCrypt is a secure and efficient implementation of essential cryptographic algorithms specifically designed for embedded systems. (...)
• emLoad - emLoad is SEGGER's embedded bootstrap loader for embedded systems. It facilitates the process of updating firmware. (...)

But what is the NIS2 Directive all about? And how do you prepare for it – in time?

NIS2 Directive is the new Cyber Security regulation

In January 2023, the European Union adopted a new version of the Network and Information Security Directive (NIS2).

Why did the EU do this?

The EU carried out a review of the original NIS Directive, leading to 4 key issues:

• Insufficient cyber resilience of businesses;
• A lack of joint crisis response amongst Member States and between businesses;
• Insufficient common understanding of the main threats and challenges;
• Inconsistent resilience amongst Member States.

NIS2 defines two categories for entities in scope: important and essential

Entities in both categories will have to meet the same requirements. However, the distinction will be in the supervisory measures and penalties.

Essential entities will be required to meet supervisory requirements as of the introduction of NIS2, while the important entities will be subject to ex-post supervision, meaning that in case authorities receive evidence of non-compliance, action is taken.

The NIS2 has simplified the scoping exercise the competent authorities have to make.
A list of sectors was defined and a base rule of any large (headcount over 250 or more than 50 million revenue) or medium (headcount over 50 or more than 10 million revenue) enterprise from those sectors will be directly included in the scope.However, small or micro-organizations are not necessarily excluded; Member States can extend these requirements if an enterprise fulfills specific criteria that indicate a key role for society, the economy or for particular sectors or types of service.

How to prepare for NIS2 Directive?

Discover the key updates the second iteration of the Network and Information Systems Directive brings and how your organization can prepare.

In brief

• NIS2 aims to get the EU up to speed and establish a higher level of Cyber Security and resilience within organizations of the European Union.
• The new Directive brings into scope more sectorsand focuses on providing guidelines to ensure uniform transposition in local law across EU member states.
• Organizations should start preparing by defining their compliance roadmap and optimizing their Cyber Security awareness.

IMPORTANT!