NIS2 Implementation: Key Steps for Compliance Professionals

London intellectual property partner Huw Beverley-Smith, associate Charlotte Perowne and trainee solicitor Emily Evans coauthored an article for Thomson Reuters Regulatory Intelligence (TRRI) News detailing the necessary steps compliance professionals should take before the Network and Information Systems Directive (NIS2) takes effect in October. 

The NIS2 focuses on addressing cybersecurity threats and covers a broader scope of entities than its predecessor, such as social media platforms and medical manufacturing. The authors provide a guide on how organizations can ensure compliance with the new directive, including the completion of a gap analysis to assess conformity. They also advise the creation of a risk assessment system, with protocols ranging from identifying potential risks to the integration of multi-factor authentication and encryption measures. 

Further, the authors note that entities will be required to meet strict incident reporting requirements under NIS2. Beverley-Smith, Perowne and Evans suggest the creation of substantive training and security measures to avoid the fines instituted by the new directive. 

Published by Thomson Reuters Regulatory Intelligence news on Aug. 5, 2024.