What is NIS2 — and why does it matter?
The Network and Information Security Directive (NIS2) is the EU's updated cybersecurity directive that raises the requirements for organizations to work with risk management, incident reporting and continuity. The aim is to strengthen the shared resilience of the EU — especially for activities that are important for society and the economy.

Does NIS2 apply to your organization?

NIS2 covers more sectors than before and divides activities into two main categories: highly critical and other critical sectors. These are listed in the Annexes to the Directive (Annexes I and II) and form the basis for which organisations are subject to the requirements.

Even if your organization is not classified as “critical” per se, you can still be affected. Many organisations covered by NIS2 will need to set clearer requirements for their suppliers and partners, particularly with regard to cybersecurity and supply chain risk management.

What is a “critical organization” according to NIS2?

NIS2 divides organizations into two categories:

  • Highly critical organizations
  • Other critical organizations

The basic security requirements are essentially the same for both categories, but the degree of supervision, follow-up and sanctions differs.

The category of an organization is determined, among other things, by the nature and size of the business. Factors such as number of employees, turnover and balance sheet — according to EU SME definitions — often play a decisive role in the assessment.

Did you know that MSPs are covered by NIS2?

The NIS2 Directive defines a total of 18 sectors which may be subject to cybersecurity and incident reporting requirements. These are divided into two categories (Annex I and Annex II) and include, among others, essential services, digital infrastructure, public administration and IT-related services.

Sectors with very high criticality (Annex I)

These sectors are central to social and economic functioning, and are directly affected by NIS2.

  1. Energy — e.g. electricity (producers, network operators, market participants), gas, oil, district heating/cooling and hydrogen.
  2. Transport — air, rail, shipping and road and traffic management services.
  3. Banking — credit institutions and similar financial operators.
  4. Financial market infrastructure — trading venues, central counterparties and related actors.
  5. Health & healthcare — healthcare providers, laboratories, pharmaceutical and medical device production.
  6. Drinking water — suppliers and distributors of water for human consumption.
  7. Wastewater — management and treatment of wastewater.
  8. Digital infrastructure — including DNS and IXP providers, cloud services, data centres and network services.
  9. ICT service management — e.g. MSPs and MSSPs (B2B IT services management).
  10. Public administration — state and regional authorities/bodies.
  11. Space — operators of ground-based infrastructure supporting space services.

Other critical sectors (Annex II)

In addition to the above, NIS2 also covers additional sectors considered important to the broader societal and economic infrastructure:

  1. Postal and courier services — postal and courier service providers.
  2. Waste management — companies dealing with waste.
  3. Manufacture, production and distribution of chemicals — chemical products and distribution.
  4. Production, processing and distribution of food — food businesses.
  5. Manufacturing — manufacturing in several industrial segments (e.g. electronics, machinery, vehicles).
  6. Digital providers — providers of digital platforms such as marketplaces and social networks, as well as online search engines.
  7. Research — research organisations with a primarily applied-research and commercial focus.

What does NIS2 require in practice?

NIS2 sharpens the expectation that you carry out structured cybersecurity work. In practice, this often comes down to the following areas.

Risk Management & Safeguards

Policies, risk analyses, protections, procedures and controls commensurate with the level of risk.

Incident management & reporting

Ability to detect, manage and report incidents according to clear processes.

Management Responsibility & Governance

Clearer responsibility within the organisation for ensuring that security work is actually carried out and followed up.

Continuity & Recovery

Plans to keep operations running and to restore them after serious incidents (backup/DR, crisis management, procedures).

Common Challenges We See

  • Systems and processes that do not connect as the business grows
  • Manual actions that create risk and take time
  • Unclear responsibilities between IT, operations, suppliers and management
  • Lack of traceability, follow-up and documented procedures

Get started with NIS2 — in 4 easy steps

1) Assess scope

Find out if you (or your customers) are covered — and what parts concern you.

2) Map the current situation

Identify risks, critical assets, dependencies and the biggest gaps.

3) Introduce measures and working methods

Build processes for risk management, incident management, access, continuity, and vendor governance.

4) Follow up and improve on an ongoing basis

Measure, test, revise and strengthen security over time — so that it becomes part of everyday life.

How MSP Nordics can help

We help MSPs and IT organizations translate requirements into practical implementation: from the current situation and structure to the choice of tools, implementation and working methods that last over time — focusing on creating impact in operations, support and control.

Do you have any questions about NIS2 and how it affects your business?
Get in touch and we can talk more!