19/12/2024
In December 2022, the Council of the European Union and the European Parliament adopted the Network and Information Security Directive (NIS2), or Directive 2022/2555, concerning the security of networks and information systems. The aim is to strengthen security measures to counter increasingly frequent cyberattacks and establish broader cybersecurity requirements for all EU Member States. Since it is a directive and not a regulation, it could not be directly applied in Member States but had to be transposed into national legislation by October 17, 2024.
In this regard, in Italy, the draft Legislative Decree implementing the NIS2 Directive was preliminarily approved by the Council of Ministers in June 2024. Leviahub, always committed to ensuring maximum security for its solutions, has already taken steps to align with the new guidelines, providing secure environments for its clients and guiding them toward a risk-free business.
Hardware does not last forever, and it is essential to upgrade Data Centres to keep up with an ever-changing market. Prevention, monitoring, and recovery are the three key concepts for compliance with regulations and maintaining competitiveness, and Leviahub is ready to support you with the best services for your business.
NIS2 is an important evolution of the previous Network and Information Systems (NIS) Directive, which expands the EU's cybersecurity strategy to strengthen the cybersecurity of key entities within the organisation, responding to growing digital threats and protecting the internal market through stronger protocols and more robust governance frameworks.
The new directive focuses on four main action areas:
1. Risk management and security measures
2. Breach reporting and management
3. Supply chain security
4. Cybersecurity training and awareness
It also introduces a few important innovations, including, for example: a broadening of the regulation's scope of application, the identification of public and private entities required to comply with cybersecurity standards (classifying them into ‘essential’ and ‘important’ categories according to their economic and social relevance), and the implementation of cooperation measures to support the coordinated management of large-scale cybersecurity incidents and crises on an operational level.
Leviahub, which has always been focused on regulatory and market developments to ensure maximum efficiency for its customers, offers all the tools to provide a high-grade security level for your computer systems and data. In a world where digital threats are constantly evolving, protecting your systems and taking the right precautions to anticipate possible risks becomes a top priority. This is why we have been working on the most sophisticated security measures for some time now, and we are always adapting to new developments to keep up with the most advanced prevention systems. Thanks to a highly qualified team of cybersecurity experts and advanced technology, we are able to detect and neutralise the most insidious threats.
Risk management responsibilities
The NIS2 Directive states that cybersecurity and the prevention of cybersecurity incidents are a responsibility of the top management of all companies; therefore, management bodies are required to monitor compliance with specific risk management measures and can be held liable for breaches in this area.
New Areas of Application
The Directive extends its scope to 18 sectors, both public and private, covering companies with at least 50 employees or an annual turnover or total annual balance sheet exceeding 10 million euros. In some cases, however, the Directive applies regardless of the size of the entity.
Risk Management Methods
Under the new Directive, responsible entities must implement appropriate and proportionate technical, operational, and organizational measures to manage security risks related to the networks and information systems used for their activities or service provision. These measures must also aim to prevent and mitigate the impact of potential incidents on service recipients and other related services. Companies must follow two operational phases to define the measures to adopt: first, an analysis phase to assess the circumstances of each case, considering human factors and the level of dependency on networks and information systems; second, the adoption of specific policies for risk and security analysis, backup and disaster recovery management, and crisis management.
Standardisation and Certification
Member States may require responsible entities to obtain certifications and/or use certified products. Product certification is based on European cybersecurity certification schemes under EU Regulation 2019/881 on cybersecurity. Additionally, the Directive allows the European Commission to implement delegated acts to mandate that specific categories of entities adopt certified technical solutions or obtain corresponding certifications. However, such measures can only be adopted if the Commission has previously identified insufficient cybersecurity levels and set a final deadline for implementation.
Violation Penalties
NIS2 requires Member States to impose financial penalties in case of violations of risk management measures and/or significant security incident reporting requirements.
With Leviahub you can face the digital world with confidence and peace of mind, knowing that you have a trusted partner at your side. Rely on us and stay updated with all the latest news to join the future of the Supply Chain in total security!