NIS 2.0 against cyberattacks: How do you safeguard your organization?


Deliver more cybersecurity for your business with NIS 2.0

In our globalized economy nowadays, information technology (IT) is crucial for business success. NIS 2.0 is designed to support companies within the EU in securing their IT infrastructure.

But at the same time, there is a threat of financial sanctions if, for example, reporting obligations are violated. Timely implementation of the directive offers companies the opportunity to protect their systems not only reactively and to recognize attack patterns, but to proactively prevent cyber attacks.

The German government plans to have implemented the directive into national law by October 2024. This means that there is an urgent need for European companies to take action.


What's NIS 2.0 about?

NIS 2.0 is an EU directive aimed at improving the cybersecurity of companies in certain sectors. The directive calls for closer cooperation and coordination between EU member states and between companies and authorities. A European Cyber Crisis Liaison Network (EU – CyCLONe) will be created, which will be responsible for coordinating major cybersecurity incidents and sharing information between member states and EU institutions. Reports must be received there within 24 hours.

Does the directive apply to my organization?

The directive applies to companies

  1. with their registered office in an EU member state
  2. with more than 50 employees
    or more than 10 million euros in annual sales,
  3. in the sectors of energy, transport, banking, financial market infrastructure, health, drinking water, wastewater, digital infrastructure, ICT service management (B2B), public administrations, space, postal and courier services, waste management, manufacturing, production and distribution of chemicals, food production, processing and distribution, manufacturing, digital providers and research.

When does NIS 2.0 come into force?

The EU Parliament approved the NIS 2.0 draft on November 10, 2022, and the Council on November 28, 2022, bringing NIS 2.0 into force and replacing the previous NIS Directive. EU member states must transpose the regulations into national law through their own legislation by October 2024, within 21 months.

The German government plans to bring the national law into force by October 2024. Experts assume an implementation period of at least 12 months, while some specialist publications speak of a maximum of 18 months. By the end of this period, all companies must have implemented the directive.

When does NIS 2.0 come into force?

The sanctions and fines are significantly more severe and can be up to a maximum of 10 million euros or 2% of total annual global turnover.

Companies are responsible for their entire information security supply chain. This means that it must also be ensured that upstream companies also comply with the rules (e.g., electronic ordering and payment transactions).


The advantages of an early implementation for your business

01 / 06

Improved cybersecurity

The NIS 2.0 policy establishes stringent security requirements that help companies better protect their systems and data. This helps reduce the likelihood of cyberattacks and data breaches, and increases customer confidence in the company.

02 / 06

Risk mitigation from cyber attacks

By complying with the NIS 2.0 policy, companies can identify and avoid potential risks early on, which contributes to better overall risk mitigation. This can help reduce costs and liability risks associated with data breaches or cyberattacks.

03 / 06

Competitive edge

Companies that quickly implement the NIS 2.0 directive can gain a competitive advantage. Consumers are becoming increasingly aware of the privacy and security of their personal data. Companies that take these concerns seriously and take steps to protect their systems and data can gain a better reputation with potential customers.

04 / 06

Compliance with legal requirements

The implementation of the NIS 2.0 directive helps companies to comply with legal requirements related to cybersecurity and data protection. Failure to comply with these requirements can result in heavy fines and reputational damage.

05 / 06

Improved cooperation across the EU

The NIS 2.0 Directive calls for closer cooperation and coordination among EU member states and between businesses and public authorities. Early implementation can help improve this collaboration and create a better understanding of cybersecurity threats and their impact on businesses and society

06 / 06

Strengthening customer trust

Customers trust companies that have a strong cybersecurity strategy. When companies improve their cybersecurity, they show their customers that they protect their data and respect their privacy.

NIS 2.0 Lebensmittelindustrie_1

NIS 2.0: A necessary approach for the food industry

As a company in the food industry, you can particularly benefit from an early implementation of the directive. By implementing a comprehensive security concept, you can not only minimize the risks of cyber attacks, but also strengthen your customers’ trust in your products and services.


Nortal services

Nortal is your expert partner when it comes to implementing the NIS 2.0 directive quickly and effectively. We offer you comprehensive consulting and support. Our team of experts will help you develop a customized solution that is precisely tailored to your company’s needs.


Our success factors for implementation

01 / 06

Analysis of the current IT security situation

We support your company in analyzing the IT security situation and identifying weak points. On this basis, we can make recommendations and develop measures to sustainably strengthen your IT security.

02 / 06

Planning and implementation of NIS 2.0 measures

We help you develop a comprehensive plan for implementing NIS 2.0 measures. This includes selecting appropriate technologies and implementing security protocols and procedures.

03 / 06

Employee training

We train and sensitize your employees to create a high level of IT security awareness in the company. This includes training on identifying threats and implementing security protocols.

04 / 06

Monitoring and maintenance of IT systems

We help you monitor and maintain your IT systems to ensure you are continuously protected and up to date.

05 / 06

Quick Security Check

Initial, quick ad-hoc analysis of whether your company is obligated under the NIS 2.0 directive and what measures are required. During a workshop, we record the current IT situation and already existing cybersecurity measures in your organization.

06 / 06


With access to an international talent pool resource, Nortal has the ability to bring the best minds from different regions into the project.


NIS 2.0: Those who act now, win

In this article, you will learn why the timely implementation of the NIS 2.0 directive is an opportunity for all affected companies to future-proof their own cybersecurity.


What can you do to protect your company from cyber attacks? We are ready to assist you.

Oliver Kaiser

Oliver Kaiser

Oliver Kaiser is Business Development Lead at Nortal AG. He is responsible for establishing and developing business relationships.