The ePrivacy Cybersecurity Seal is based on the NIS-2 Directive and on the fundamental IT security aspects of the IT-Grundschutz Compendium developed by the BSI. The NIS-2 Directive requires increased cyber and information security for companies operating in the critical infrastructure sector. Violations can result in fines of up to 10 million euros or 2% of annual turnover. KRITIS companies are also expected to oblige their service providers to implement the NIS-2 requirements.
We will publish the criteria catalogue here shortly and offer the new seal from Q1 2025.
The NIS-2 Directive (Network and Information Security Directive) is a revision of the original NIS Directive introduced by the European Union to improve cybersecurity in the EU. The NIS-2 Directive was adopted on 16 December 2020 and aims to respond to changing threats and challenges in the area of cybersecurity. EU member states must transpose the directive into national law by October 2024.
The NIS-2 Directive extends the scope of the original NIS Directive and expands the powers of the BSI. While the original directive only covered certain sectors such as energy, transport and health, the NIS-2 Directive covers a wider range of sectors, including public administrations, communication services, water management, food supply, space and more.
Objectives of the NIS-2 Directive:
- Improve resilience and cybersecurity capacities in critical infrastructure.
- Protect the EU from growing cyber threats.
- Promote a secure digital single market.
Overall, the NIS-2 Directive responds to increasing digitalisation and the associated cyber risks by raising and harmonising the standards for cybersecurity in the EU.