{"id":643075,"date":"2025-05-16T14:14:55","date_gmt":"2025-05-16T11:14:55","guid":{"rendered":"https:\/\/eba.com.ua\/?p=643075"},"modified":"2025-05-16T14:17:40","modified_gmt":"2025-05-16T11:17:40","slug":"bdo-v-ukrayini-pro-nis2-yevropejskyj-ta-natsionalnyj-zakonodavchyj-akt-pro-kiberbezpeku-organizatsij","status":"publish","type":"post","link":"https:\/\/eba.com.ua\/en\/bdo-v-ukrayini-pro-nis2-yevropejskyj-ta-natsionalnyj-zakonodavchyj-akt-pro-kiberbezpeku-organizatsij\/","title":{"rendered":"[:ua]BDO \u0432 \u0423\u043a\u0440\u0430\u0457\u043d\u0456 \u043f\u0440\u043e NIS2 \u2014 \u0404\u0432\u0440\u043e\u043f\u0435\u0439\u0441\u044c\u043a\u0438\u0439 \u0442\u0430 \u043d\u0430\u0446\u0456\u043e\u043d\u0430\u043b\u044c\u043d\u0438\u0439 \u0437\u0430\u043a\u043e\u043d\u043e\u0434\u0430\u0432\u0447\u0438\u0439 \u0430\u043a\u0442 \u043f\u0440\u043e \u043a\u0456\u0431\u0435\u0440\u0431\u0435\u0437\u043f\u0435\u043a\u0443 \u043e\u0440\u0433\u0430\u043d\u0456\u0437\u0430\u0446\u0456\u0439[:en]BDO in Ukraine on NIS2 \u2014 European and national legislation on the cyber security of organisations[:]"},"content":{"rendered":"

<\/p>\n

\"\"<\/p>\n

The new European directive\u00a0Network and Information Security Directive 2 (NIS2)<\/em>\u00a0became effective in European Union (EU) legislation on 17 October 2024.<\/p>\n

The new directive imposes significant requirements on levelling up the cybersecurity capabilities of organisations in various sectors that are characterised as essential or important.<\/p>\n

NIS2 enhances EU network and information systems security by requiring critical infrastructure operators to implement a minimum set of cybersecurity standards and report on cyber incidents. It expands NIS’s scope, covering more organisations and industries, and its objective is to improves supply chain security, streamline reporting, and enforce stricter measures and sanctions across Europe for a safer and more secure Europe.<\/p>\n

These mandatory, risk-based cybersecurity<\/a> standards can effectively contribute to a stronger cybersecurity security posture for organisations who adopt and adhere to the standards, many of which are likely part of an established cybersecurity policy. Failure to comply with these mandatory standards may result in significant fines.<\/p>\n

\"\"<\/p>\n

How it works<\/strong><\/p>\n

As NIS2 is not equally applicable to everyone, we offer a brief overview of this European Directive on Network and Information Security. We explain the essence of NIS2 and who it is important for. Discover the requirements and best practices for compliance with NIS2.<\/p>\n

What is it for?<\/strong><\/p>\n

The NIS2 imposes security requirements that are grouped under duty of care, reporting obligation, and supervision, and are already relatively concrete before they are formalised in national legislation. These include, among others, the concrete lists of measures from Article 21 and the significant fines from Article 34 (4). Read more in the directive:\u00a0EUR-Lex \u2013 32022L2555 (europa.eu)<\/a>. In addition, there are a number of other notable elements such as security in the supply chain, responsibility of management bodies, and training obligations.<\/p>\n

Where do you stand?<\/strong><\/p>\n

To ensure that your organisation is ready for these legal cybersecurity requirements in time, it is important to start with the right preparations now. Although the requirements have not yet been formalised in national legislation, it is clear which direction it is heading, and the parallels with existing frameworks and good practices such as ISO 27001.<\/p>\n

For whom does it apply?<\/strong><\/p>\n

Organisations that will fall under the new European directive Network and Information Security Directive 2 (NIS2) include energy companies, airlines, water companies, digital service providers, government agencies, and their suppliers. To check if your organisation falls under this directive, it is recommended that you consult information from your local government. If you have any questions, please feel free to contact us for expert advice and support.<\/p>\n

Which type of organisations does it impact?<\/strong><\/p>\n

The NIS2 directive is aimed at more types of companies and organisations than the first NIS directive. This means that there are now more public and private organisations that must comply with the rules.<\/p>\n

The organisations now covered by the NIS2 directive include:<\/p>\n

Annex 1 sectors:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/p>\n