Cyber resilience at the European level
The NIS2 directive
The NIS2 directive was created to strengthen the digital security of critical infrastructures and key sectors in the European Union. This revised directive expands the scope of its predecessor by not only imposing stricter requirements on network and information security, but also by including suppliers and third parties in the chain.
NIS2 at a glance
The NIS2 directive is built on two pillars that together strengthen the digital resilience of organizations.
Duty of care: Organizations are required to take comprehensive measures to mitigate cyber risks and ensure continuity of operations. This includes securing networks and access points, encrypting sensitive data, strengthening the supply chain, creating contingency plans and implementing recovery procedures. In addition, companies must have a crisis response team prepared for acute threats.
Reporting requirement: Essential organizations are required to establish processes for timely reporting of serious security incidents. This includes a 24-hour reporting requirement for early warnings. In addition, NIS2 emphasizes managerial accountability, requiring management to be actively involved in and knowledgeable about the organization’s cybersecurity measures.

Consequences of non-compliance
The consequences of failing to comply with NIS2 are significant. Organizations designated as “Essential” risk fines of up to €10 million or 2% of total revenue, while “Important” entities can face fines of up to €7 million or 1.4% of revenue. Moreover, in serious cases, regulators can suspend business operations if they are critical to network security. Directors and executives can also be held personally liable for compliance and implementation failures.
Operational, strategic and managerial
A key difference from the original NIS directive is that NIS2 holds executives directly responsible for compliance. This emphasizes that cybersecurity is no longer just an operational responsibility, but a strategic and managerial concern. It recognizes the critical role of information security in protecting national and economic stability.
As EU member states are required to enshrine NIS2 in their national legislation, it is essential for organizations to take the right measures now and be prepared for the stricter requirements that will come into effect.

The role of data storage in NIS2
NIS2 places a strong emphasis on ensuring continuity and security of critical systems, and data storage plays a central role in this. To meet the requirements of NIS2, organizations must ensure that their storage infrastructure is not only secure, but also contributes to fast and efficient incident response.
An NIS2-compliant storage strategy starts with immutable storage, where data cannot be altered or deleted once it has been written. The most reliable form of immutability is hardware WORM because, unlike software-based WORM, it cannot be bypassed. This prevents manipulation or deletion of data by ransomware or malicious parties. In addition, air-gap technology provides physical separation between critical data and the network, keeping data fully protected from digital attacks.
Scalability and performance of storage solutions are also critical. NIS2 requires that organizations be able to quickly access backups and restore data within specified time limits. This means storage solutions must meet strict recovery targets (RTO and RPO) to ensure service continuity.
Finally, organizations must demonstrate that their storage infrastructure meets the reporting and testing requirements of NIS2. This requires systems that support traceability and transparency so that security incidents are not only resolved quickly, but also documented for future audits.
Data storage is thus not just a technical necessity, but a strategic tool that allows organizations to meet the stringent requirements of NIS2 while laying a solid foundation for a secure digital future.
Storage that promotes NIS2 compliance
Ransomware-proof backup and fast recovery
Secure your data against any threat
Protect your organization from data loss, ransomware and disruptions.
Thanks to our systems, you always have access to your data, even in case of emergencies.
Physical air gap as the most reliable layer of immutability.
Long-term, compliant archiving
Comply with laws and regulations without compromise.
Certified hardware WORM storage for guaranteed immutability and Zero Loss.
Specially designed for sectors with critical infrastructures.