NIS2 Directive: Changes for French companies and administrations

Team
28/10/2024

The NIS2 directive, adopted by the European Union in January 2023, imposes a reinforced cybersecurity framework to better respond to growing cyberthreats. In October 2024, this directive will become unavoidable for many companies and administrations in France, requiring them to adopt precise IT security measures. Solutions such as Carto-SI are invaluable allies in ensuring rapid and effective compliance.

NIS2 Directive: responding to growing cyberthreats

NIS2 (Network and Information Systems Directive) is a European directive designed to harmonize cybersecurity standards across member states. By extending its scope to a variety of sectors, including energy, transport, healthcare and even public administrations, it aims to make critical infrastructures more resilient to cyber-attacks. In particular, this framework requires incident management, increased security of supply chains, and a general strengthening of cybersecurity.

What are the new obligations?

Risk and incident management

Under the NIS2 directive, companies must now have effective risk management systems in place. This includes setting up incident response plans and securing critical infrastructures. These obligations include:

  • Real-time incident management: organizations must be able to detect, track and document security incidents rapidly, notably by using IS mapping tools such as Carto-SI to centralize information.
  • Incident reporting: a report to the authorities must be made within 24 hours of the detection of a major incident. This requires effective monitoring capabilities.

Infrastructure and supply chain protection

To guarantee comprehensive security, NIS2 also places emphasis on supply chain protection, requiring companies to continuously monitor and assess the risks associated with their suppliers.

Penalties for non-compliance

Non-compliance with the NIS2 directive can result in significant fines, up to €10 million or 2% of the entity’s worldwide sales. These penalties are designed to encourage companies to invest proactively in robust cybersecurity measures, aligned with European standards, to avoid costly fines and loss of reputation.

Carto-SI: a solution for NIS2 compliance

NIS2 compliance requires powerful monitoring and analysis resources, and that’s where Carto-SI comes in. As an information systems mapping solution, it facilitates the analysis of IT infrastructures and compliance with the new NIS2 requirements.

Centralized, compliant documentation

One of the main challenges of NIS2 is the complete documentation of information systems and cybersecurity measures. Carto-SI enables you to centralize all the necessary information on your IT infrastructure, making it easier to demonstrate compliance during audits.

Benefits include:

  • Real-time incident tracking: Carto-SI helps track incidents as soon as they occur, ensuring rapid information updates.
  • Integrated risk management: by documenting supply chain and infrastructure vulnerabilities, Carto-SI facilitates proactive risk management.

Simplified compliance and optimized auditing

During NIS2 audits, Carto-SI provides a global view of the IT infrastructure, which can be used directly to prove compliance. This solution eliminates the need to produce additional documentation, as documentation is integrated and continually updated.

A scalable, collaborative tool

Carto-SI is designed to evolve with regulatory requirements. In the face of dynamic requirements such as NIS2, this platform enables documentation to be adjusted on an ongoing basis, ensuring that all data is up to date for any inspection or audit.

Rapid management of compliance reports

With the strict obligation to report incidents within 24 hours, Carto-SI generates detailed reports on incidents, risk management and corrective actions taken, contributing to efficient compliance with regulatory deadlines.

Conclusion

The NIS2 directive imposes demanding new standards on companies and public authorities to strengthen cybersecurity. Thanks to its centralized and adaptable approach, Carto-SI represents a valuable solution for effective compliance with NIS2 requirements. By facilitating infrastructure documentation, risk management and reporting, Carto-SI not only enables compliance with NIS2 standards, but also optimizes audits and compliance processes, helping companies to guard against sanctions and strengthen their resilience in the face of cyber threats.

Here’s a brief summary of the questions and answers we feel are essential to the subject.

  • What is NIS2? NIS2 is a European directive aimed at strengthening the cybersecurity of critical infrastructures, extending the scope of NIS1 and imposing strict risk management and incident reporting standards.
  • How to prepare for NIS2? Preparing for NIS2 means putting in place a comprehensive risk management system, tracking incidents in real time, and ensuring rigorous monitoring of compliance – tasks facilitated by solutions like Carto-SI.
  • Who is affected by NIS2? The NIS2 directive applies to a wide range of sectors, including energy, healthcare, transport and public administration, affecting a variety of businesses and critical infrastructures.
  • When did the NIS1 directive come into force? The NIS1 directive came into force in 2018, while NIS2, adopted in 2023, requires compliance by October 2024.
