Domestic companies that deviate from the EU cyber protection directive risk significant penalties

By: Trademagazin Date: 2023. 11. 15. 11:10

A couple of weeks and they will start registering the domestic companies covered by NIS2, i.e. the revised EU cyber protection directive, EY points out. Companies that do not prepare in time to deal with IT security incidents can be fined up to 2 percent of sales revenue, and they can even ban the managers of organizations that violate the rules from management.

In January of this year, the NIS2 directive entered into force, which the member states of the European Union must transpose into their own legal systems by 2024 in order to effectively combat the spectacularly growing cyber threats. The regulations apply to companies employing at least 50 people or with an annual turnover exceeding EUR 10 million, as well as to all organizations that perform an essential function for the economic and social development of the EU. Such critical sectors include energy, transport, healthcare, drinking water, waste water and communication services, outsourced ICT services, space research, and digital infrastructure. Postal and courier services, food production, processing and distribution, research, waste management, chemical production and distribution, and digital services were also among the priority activities.