Domestic companies that deviate from the EU cyber protection directive risk significant penalties

In January of this year, the NIS2 directive entered into force, which the member states of the European Union must transpose into their own legal systems by 2024 in order to effectively combat the spectacularly growing cyber threats. The regulations apply to companies employing at least 50 people or with an annual turnover exceeding EUR 10 million, as well as to all organizations that perform an essential function for the economic and social development of the EU. Such critical sectors include energy, transport, healthcare, drinking water, waste water and communication services, outsourced ICT services, space research, and digital infrastructure. Postal and courier services, food production, processing and distribution, research, waste management, chemical production and distribution, and digital services were also among the priority activities.