Ensure your business is NIS2 compliant

Explore solutions that will help you protect data and meet regulatory obligations


NIS2 – key information for IT specialists

What is NIS2?

The NIS2 directive is an amendment to the existing cybersecurity law in the European Union. The introduced regulations cover a larger group of companies than before, obliging them to apply stringent procedures related to risk management and incident response.

Fines for NIS2 violations

Failure to comply with the obligations arising from NIS2 may result in severe penalties for companies of up to 10 million euros or at least 2% of annual turnover (whichever is higher).

What does NIS2 mean for your business?

NIS2 imposes obligations on the companies it applies to, including:

  • guaranteeing an appropriate level of security for networks and information systems
  • risk analysis (including determining the baseline for this aspect)
  • establishing incident response procedures
  • managing the continuity of system operations
  • raising employee awareness of cybersecurity through regular training
  • ensuring security in the supply chain

FOTC will help you achieve NIS2 compliance

Migration to Google Workspace

The service meets all the security requirements needed in enterprises that are subject to special restrictions regarding the protection of processed information.
Data is encrypted both at rest and in transit.
System continuity is ensured with an SLA of 99.9999%.
Encrypted files are stored in multiple data centres, which means they will not be lost even in the event of a failure or accidental event in one of them.

Google Workspace security monitoring

FOTC specialists monitor the security of the service 24/7.
Properly configured alerts enable immediate preventative action.
Support from FOTC reduces the need to involve internal IT resources.
Strict procedures have been developed in case of incidents.


Training for admins and users

We show administrators how to properly secure the company instance against data leaks and external attacks.
We raise user awareness by explaining how to recognize threats and protect their accounts during their daily work.
Our training is workshop-based, so participants can immediately put their newly acquired knowledge into practice.
The training program is developed based on real attacks and phishing attempts that have occurred in the past.

Google Workspace security audit

The service allows you to determine the baseline security settings of your Google Workspace instance in terms of its protection against data leaks, cyberattacks, and malicious employee actions.
The verification includes a detailed analysis of up to 237 risk points within eleven key areas.
As a client, you receive a detailed report of the work, along with an indication of the priority for implementing individual recommendations.
FOTC technicians can configure the recommended changes in the console for you.



FAQ

The Network and Information Security Directive (NIS2) is an amendment to the current cybersecurity regulations in the countries belonging to the European Union. Its aim is to enhance the protection of networks and information systems across the EU. Entities covered by the new law are required to implement a number of cybersecurity and incident reporting measures. You can find detailed information about NIS2 in our article.

The new law aims to strengthen the cyber resilience of the European Union, including through the implementation of a uniform standard of security for networks and information systems in the member states of the community. These changes are a response to the expanded range of digital threats that have emerged in Europe in recent years.

The new directive must be applied by all organisations (both private and public) that operate within the European Union and provide essential services to the market. Examples include transport companies, food producers, internet and other digital service providers, public administration units, and entities processing waste. At the same time, these entities must be classified as large or medium-sized enterprises, meaning they must exceed or meet all of the following conditions:

  • employ between 50 and 250 people,
  • have annual turnover between 10 and 50 million euros and a total annual balance sheet between 10 and 43 million euros.

Importantly, a company may be subject to the NIS2 directive regardless of its size if it plays an important role in one of the key sectors for the functioning of the state.

Companies covered by NIS2 are obligated to implement cybersecurity risk management measures, including but not limited to:

  • Guaranteeing an appropriate level of security for networks and information systems
  • Conducting risk analysis (including determining the baseline for this aspect)
  • Developing procedures for handling incidents
  • Managing the continuity of system operations
  • Raising employee awareness of cybersecurity through regular training
  • Ensuring security in the supply chain

Depending on their classification, companies that fail to fulfil the obligations imposed by NIS2 face administrative penalties of up to 10 million euros or 2% of total annual turnover (for essential entities) and 7 million euros or 1.4% of total annual turnover (for important entities). The directive also provides for the possibility of imposing periodic financial penalties.