The European NIS2 directive (Network and Information Security Directive), in force since 2023 and fully operational from 17 October 2024, is a fundamental step for cybersecurity in Europe. The goal is clear: to raise the resilience of digital infrastructures, extending security obligations to a far wider range of entities than the previous NIS1.
Who is involved
NIS2 applies not only to operators of essential services, but also to medium and large companies operating in strategic sectors such as:
- Energy, transport, banking and finance;
- Healthcare and drinking water;
- Digital infrastructure and cloud services;
- Public administration;
- ICT and Managed Services Providers.
What it requires
Affected organisations must adopt advanced technical and organisational measures for information security, implement incident management and business continuity procedures, carry out periodic risk analysis, promptly report significant incidents to the authorities, and ensure their supply chain meets the same requirements.
Penalties
NIS2 introduces a strict sanctions regime: up to €10 million or 2% of global annual turnover (whichever is higher), with possible direct liability of directors in case of non-compliance.
How Valuemate can help
Valuemate supports companies on their compliance path through security assessments to identify gaps and priorities, definition of policies and procedures aligned with international standards (ISO 27001, ISO 22301), integrated technology solutions for perimeter, endpoint, cloud and identity protection, and staff training to reduce human risk.
NIS2 is not just a regulatory obligation, but an opportunity to strengthen digital resilience and protect the value of the business.