How to prepare for the EU Cybersecurity Directive NIS2

Who is affected?

NIS2 aims to ensure a high level of information security across the EU by focusing in particular on critical sectors such as energy, finance, healthcare and transport. This directive is an important response to digitalisation and the increasingly sophisticated cyber threats affecting our infrastructure and the functioning of our society.

NIS2 expands its scope compared to its predecessor, NIS1, by including more sectors, introducing minimum requirements for action, and expanding supervisory possibilities. This means more industries will be affected, which now also includes industries such as space, sewage, waste, manufacturing, food, chemicals, district heating, and others.

How to prepare

Each Member State must implement NIS2 in its national legislation. For Swedish companies and organisations affected, this means that they must prepare to meet the new requirements now. NIS2 prescribes specific measures that must be taken to improve cybersecurity. These include risk analysis, incident management, business continuity and supply chain security. It also requires strategies for managing vulnerabilities, cyber hygiene training and the use of cryptography.

Swedish companies and organisations should carefully examine how they are covered by the Directive and take appropriate measures to comply with its requirements. Failure to comply with the new requirements will result in significantly higher fines than before for inadequate levels of compliance.

RISE's role linked to NIS2

RISE closely follows the new EU regulations and plays an important role in supporting Swedish industry and increased competitiveness. We are an independent organisation with cyber security expertise that offers training, counselling, accredited testing against regulations and standards, research and testing in the field of cyber security.

Cybersecurity training courses at RISE

Professional penetration testning

Certifications in cybersecurity