PREPARE YOUR COMPANY FOR NIS-2
What is NIS-2 and why does it matter for your company?
NIS-2 is a European Union directive aimed at raising cybersecurity standards and enhancing organisations’ resilience to threats. It introduces uniform requirements across the EU, obliging businesses to implement appropriate protective policies.
In Poland, the NIS-2 directive will primarily be implemented through amendments to the National Cybersecurity System Act. Work is already underway, and although the timeline for adopting these regulations is not yet known, organisations will have limited time to adapt to the new requirements once they come into effect.
This means it is advisable to start preparations now.
WHICH COMPANIES WILL BE COVERED BY NIS-2?
Who does NIS-2 apply to?
The scope of entities covered by the NIS-2 directive is unprecedentedly broad.
It includes sectors such as energy, transport, banking, public administration, manufacturing, machinery, electronics, digital services, and courier services.
Moreover, it also applies to sectors not typically associated with cybersecurity, such as food production, chemicals, and healthcare – and this is still not a complete list!
The directive specifies a list of essential and important entities subject to the new regulation. Regardless of size and turnover, small and micro enterprises may also fall under NIS-2 and be classified as essential if their activities relate to specific sectors.
It is estimated that the directive will directly and indirectly cover around 30 000 enterprises in Poland.
Essential entities
Criteria:
- more than 250 employees, and
- annual turnover of more than EUR 50 million and/or
- annual balance sheet total of more than EUR 43 million.
Economic Sectors:
- Energy:
  - Electricity
  - District heating or cooling system
  - Oil
  - Gas
  - Hydrogen
- Transport (air, rail, water, road)
- Banking
- Financial market infrastructure
- Healthcare
- Drinking water supply and distribution
- Wastewater
- Digital infrastructure
- Management of ICT services (between enterprises)
- Public administration
- Space
Important entities
Criteria:
- more than 50 employees, and
- annual turnover of more than EUR 10 million or
- annual balance sheet total of more than EUR 10 million.
Economic Sectors:
- Postal and courier services
- Waste management
- Production, manufacturing, and distribution of chemicals
- Production, processing, and distribution of food
- Production:
  - medical devices
  - computers
  - electronic and optical products
  - electrical equipment and machinery
  - motor vehicles, trailers, and semi-trailers, as well as automotive parts
  - ships, aircraft, and boats
- Digital services
- Scientific research
TASKS FOR THE COMPANY
What obligations do entrepreneurs have?
Entities covered by the NIS-2 directive will be required to take various actions to ensure protection against cyber threats, including:
- Systematic risk assessment
- Risk management
- Prevention, detection, and response to incidents
- Implementation of technical and organisational measures
- Monitoring vulnerabilities to cyber threats
- Ensuring supply chain security
TASKS FOR ENTREPRENEURS
Why is it worth paying attention?
Even if your company is not directly subject to the new regulations, they may indirectly apply through the requirements set by suppliers in the supply chain.
Every company covered by the directive must ensure the security of its partners, which means that either your company will have to pass the requirements on to its suppliers, or additional requirements may be imposed on your enterprise.
RISKS FOR ENTREPRENEURS
Consequences for entrepreneurs
Non-compliance with the new regulations can lead to serious consequences:
High financial penalties:
- at least EUR 10 million or 2% of annual turnover (for essential entities)
- at least EUR 7 million or 1.4% of annual turnover (for important entities)
- individual penalty of up to 600% of the salary for the person responsible for the cybersecurity area
- liability of management, including prohibition from holding executive positions
- suspension of licences or permits
In addition to direct financial penalties, non-compliance can also harm the company’s reputation, leading to a loss of trust among customers and business partners. In today’s globalised world, where data security is a priority, failure to adhere to regulations can have long-term negative consequences for any organisation.
OUR SERVICES
How can we help?
As NGL Group, we offer comprehensive, integrated support in adapting your company to the NIS-2 requirements, combining legal expertise with in-depth knowledge of organisational security aspects and the technological competencies of our experts and trusted partners.
Everything under one roof – we handle the entire process, from documentation analysis to implementing changes and providing practical operational support, allowing our clients to focus on business growth without worrying about compliance with regulations.
Audit and recommendations for change
We conduct a detailed legal, organisational, and technological audit to assess your company’s current compliance status with the new regulations. We will identify areas needing improvement and develop a plan for implementing the necessary changes.
Implementation of recommendations
We will help prepare the necessary changes to the documentation, oversee the implementation of technical requirements, and organise training for the team.
Ongoing support and compliance with NIS-2
We will provide ongoing support in maintaining compliance with the NIS-2 implementation law and new requirements resulting from emerging threats. We also offer incident reporting assistance to minimise the impact on your organisation.
We guarantee full implementation compliance once the law is published in Poland
We know that work is underway to implement the NIS-2 Directive into Polish law. As part of our services, if the Polish regulations introduce any differences once the law is published, our team will make the corrections and final changes free of charge.
However, it is worth starting preparations now.
Contact us
Make an appointment with our expert and find out how we can help your company meet NIS-2 requirements.