NIS2 Directive
Sphynx’s Comprehensive Approach to EU Cybersecurity Compliance
What is NIS2?
The Network and Information Systems Directive 2 (NIS2, Directive 2022/2555) is the European Union’s enhanced cybersecurity legislation that replaces and strengthens the original NIS Directive. It aims to achieve a high common level of cybersecurity across the EU by improving the resilience and incident response capabilities of both public and private entities.
Directive (EU) 2022/2555, known as NIS 2, was transposed into Greek law by Law 5160/2024, which was published in Government Gazette A’ 195/27.11.2024. Non-compliance with the law carries significant fines of up to 10 million euros or 2% of the company’s annual turnover, and additional administrative fines apply to the management of an entity that is subject to the law.
Key Objectives
NIS2 covers two categories of entities across critical sectors:
High Criticality Sectors
- Energy (electricity, heating, oil, gas, hydrogen)
- Transport (air, rail, water, road)
- Banking and financial market infrastructures
- Healthcare and pharmaceutical manufacturing
- Water management
- Digital infrastructure
- Public administration
- Space sector
Other Critical Sectors
- Postal and courier services
- Waste management
- Chemical manufacturing
- Food production
- Manufacturing of medical devices and electronics
- Digital service providers
- Research organisations
NIS2 Goals
- Establish a unified legal framework for cybersecurity across 18 critical sectors.
- Strengthen supply chain security.
- Enhance cross-border cooperation and information sharing.
- Ensure consistent enforcement across member states.
- Improve incident response capabilities.
Core Requirements
Risk Management
- Incident management systems
- Supply chain security
- Network security enhancements
- Access controls
- Encryption implementation
Corporate Accountability
- Management oversight of cybersecurity
- Board-level responsibility
- Training requirements for management
- Potential penalties for non-compliance
Reporting Obligations
- 24-hour “early warning” system
- Detailed incident reporting
- Regular compliance reporting
- Cross-border information sharing
Business Continuity
- System recovery plans
- Emergency procedures
- Crisis response teams
- Backup and redundancy systems
Your Partner for NIS2 Compliance
At Sphynx, we provide comprehensive solutions for cyber risk management, enabling our clients to achieve and maintain NIS2 compliance through innovative technologies, cutting-edge tools, services, and training.
Risk Management & Assessment
- Asset Inventory & Mapping: Comprehensive tracking of all assets including software, hardware, data, business processes, and physical assets, with support for asset relationships and dependencies.
- Vulnerability Management: Periodic static vulnerability assessments and continuous monitoring through CTI (Cyber Threat Intelligence).
- Supply Chain Security: Asset-level dependency analysis and risk assessment.
- Incident Response Planning: CACAO playbooks for managing incidents and ticketing system integration.
Compliance & Reporting
- Audit & Reporting: Comprehensive risk reporting covering assets, vulnerabilities, and incidents.
- Training and Awareness: Regular staff training through our CR Platform.
- Incident Notification: Integrated ticketing system for incident reporting.
Resources
Download the NIS2 Directive Datasheet
Looking for a more detailed overview of our services related to NIS2? Download our Datasheet and let us know if you are interested in learning more.
Need to learn more about our offerings?
Book a meeting with us to find out how your organisation can take advantage of our integrated cybersecurity services.
Explore your cybersecurity needs and solutions
Our team of experts can assist you in identifying your cybersecurity risks and setting up a plan to protect against, detect, and respond to them.