NIS2 Directive Compliance
Sphynx’s Comprehensive Approach to EU Cybersecurity Compliance
What is NIS2?
The Network and Information Systems Directive 2 (NIS2, Directive 2022/2555) is the European Union’s enhanced cybersecurity legislation that replaces and strengthens the original NIS Directive. It aims to achieve a high common level of cybersecurity across the EU by improving the resilience and incident response capabilities of both public and private entities.
Directive (EU) 2022/2555, known as NIS 2, was incorporated into the Greek legal order by Law 5160/2024, which was published in Government Gazette A’ 195/27.11.2024. Non-compliance with the law entails significant fines that can reach up to 10 million euros or 2% of the company’s annual turnover, while there are additional administrative fines for the management of the entity that is subject to the law.
Key Objectives
The NIS2 Directive identifies two major categories of entities that fall within its scope and specifies corresponding compliance obligations.
NIS2 Goals
- Establish a unified legal framework for cybersecurity across 18 critical sectors.
- Strengthen supply chain security.
- Enhance cross-border cooperation and information sharing.
- Ensure consistent enforcement across member states.
- Improve incident response capabilities.
Entity Categories
High Criticality Sectors
- Energy (electricity, heating, oil, gas, hydrogen)
- Transport (air, rail, water, road)
- Banking and financial market infrastructures
- Healthcare and pharmaceutical manufacturing
- Water management
- Digital infrastructure
- Public administration
- Space sector
Other Critical Sectors
- Postal and courier services
- Waste management
- Chemical manufacturing
- Food production
- Manufacturing of medical devices and electronics
- Digital service providers
- Research organisations
Core Requirements
Risk Management
- Incident management systems
- Supply chain security
- Network security enhancements
- Access controls
- Encryption implementation
Corporate Accountability
- Management oversight of cybersecurity
- Board-level responsibility
- Training requirements for management
- Potential penalties for non-compliance
Reporting Obligations
- 24-hour “early warning” system
- Detailed incident reporting
- Regular compliance reporting
- Cross-border information sharing
Business Continuity
- System recovery plans
- Emergency procedures
- Crisis response teams
- Backup and redundancy systems
Your Partner for NIS2 Compliance
At Sphynx, we provide comprehensive solutions for cyber risk management, enabling our clients to achieve and maintain NIS2 compliance through innovative technologies, cutting-edge tools, services, and training.
Risk Management & Assessment
- Asset Inventory & Mapping: Comprehensive tracking of all assets including software, hardware, data, business processes, and physical assets, with support for asset relationships and dependencies.
- Vulnerability Management: Periodic static vulnerability assessments and continuous monitoring through CTI (Cyber Threat Intelligence).
- Supply Chain Security: Asset-level dependency analysis and risk assessment.
- Incident Response Planning: CACAO playbooks for managing incidents and ticketing system integration.
Compliance & Reporting
- Audit & Reporting: Comprehensive risk reporting covering assets, vulnerabilities, and incidents.
- Training and Awareness: Regular staff training through our CR Platform.
- Incident Notification: Integrated ticketing system for incident reporting.
Service Plans
Offerings | Silver | Gold | Platinum |
---|---|---|---|
Static vulnerability assessments | • | • | • |
Access to CTI vulnerabilities stream | • | • | • |
Asset modelling and ingestion (software, hardware, data, business processes, people, physical assets) | • | • | • |
Asset-level risk identification & mitigation from third-party suppliers and service providers | • | • | • |
Compliance report & audit trails | • | • | • |
Periodic static vulnerability assessments | • | • | |
Continuous monitoring through CTI | • | • | |
Ticketing (outside SOC) | • | • | |
Incident notification systems | • | • | |
Enhanced reporting capabilities | • | • | |
Staff training and awareness programmes | • | • | |
Advanced incident response planning with CACAO playbooks | • | | |
Full risk response measures | • | | |
Legal compliance support for supply chain security requirements | • | | |
Policy and governance review support | • | | |
Resources
Download the NIS2 Directive Datasheet
Looking for a more detailed overview of our services related to NIS2? Download our Datasheet and let us know if you are interested in learning more.
Our technologies
Sphynx SPA Suite
Integrated, comprehensive platform designed to deliver robust cybersecurity risk management for enterprise systems.
Sphynx Cyber Range
A safe testing and training ground for preparing employees for all possible scenarios.
Need to learn more about our offerings?
Book a meeting with us in order to find out how your organisation can take advantage of our integrated cybersecurity services.
Explore your cybersecurity needs and solutions
Our team of experts can assist you in identifying your cybersecurity risks and setting up a plan to protect against, detect, and respond to them.