Is your organization ready for the NIS2 Directive? 


The NIS2 Directive signifies an important advancement in strengthening the resilience and security posture of organizations across the EU. As sectors such as healthcare, energy, transportation, and financial services prepare for the directive, which is scheduled to become national law by the 18th of October 2024, the need for comprehensive security solutions has never been more urgent. Today, on February 23, the Swedish government will present proposals for adapting Swedish law to implement the NIS2 Directive.

The NIS2 Directive not only expands the scope of sectors covered compared to NIS1, but also increases obligations for risk management, network security, and particularly incident reporting.

Non-compliance – Up to 10 million euros in fines

With penalties for non-compliance reaching up to 10 million euros or two percent of total annual turnover, the directive underscores the critical importance of cybersecurity readiness. The recent SEK 12.5 million fine under the Swedish Protective Security Act serves as a reminder of the financial repercussions of failing to comply with such regulations. Beyond financial penalties, non-compliance exposes organizations to increased cyber risks, jeopardizing their operational integrity and reputation.

Incident reporting – A key requirement in NIS2

One of the key requirements of the NIS2 Directive is the prompt reporting of significant incidents. Organizations must notify the relevant authority or Computer Security Incident Response Team (CSIRT). In Sweden, the Swedish Civil Contingencies Agency (MSB) serves as the responsible authority for incident reporting. The affected organization is obliged to provide an early warning within 24 hours of becoming aware of an incident and follow up with a detailed report within 72 hours.

This rapid response time is crucial for mitigating the impact of cyber incidents, a capability that NTT Security’s 24/7, year-round MDR service, equipped with incident prevention, detection, and response features, is well-suited to provide.

Our service ensures not only the detection but also the swift mitigation of threats, preventing potential breaches from escalating into full-blown crises. By proactively defending against cyber threats and facilitating turnkey incident handling, our MDR service embodies the proactive stance mandated by the NIS2 Directive.  

Simultaneously, it offers incident reporting for IT/OT environments to meet the directive’s requirements. In a landscape where companies have identified weaknesses in OT, our solution offers full visibility across your IT/OT infrastructure, ensuring a holistic approach to compliance.

Implementation of the EU directives  

Today, the Swedish government will present regulations on how to identify and specify requirements for entities covered by the NIS2 Directive. This includes an analysis of how the new regulation will function alongside the security protection regulations and a proposal on the necessary changes to achieve a more coherent system between the frameworks, as well as proposing necessary legislative amendments. You can find more information here.

With the NIS2 Directive’s deadline approaching, organizations must evaluate their cybersecurity frameworks and address any gaps in their preparedness to ensure compliance with the impending regulations. Failing to comply could result in severe fines and a compromise in cybersecurity integrity, but luckily, numerous measures can be taken to protect your organization effectively.

Reach out to our experts at NTT Security to discuss your compliance needs and discover how our services can support your journey to NIS2 compliance.