Europe is determined to play the trick of a technological development that watches over the rights of citizens. digital transformation and interconnection of society, as well as for companies, it entails great benefits, but it has caused an expansion of the cyberthreat panorama and, consequently, the appearance of new challenges that require measures adapted to the new context.
Some challenges that we want to alleviate with the Directive (EU) 2022/2555, (called NIS2), which contemplates measures aimed at guaranteeing a high common level of cybersecurity throughout the European Union (EU). But, what will this new legislation mean for Spanish companies?
From Datos101, a Spanish company specializing in data security solutions for companies, they highlight that “NIS2 will include all medium and large companies in critical sectors, but also common infrastructures such as data centers or research laboratories. As a novelty, it also includes the Public Administration and areas such as waste management, the chemical, pharmaceutical and food industries, the manufacture of heavy machinery, postal services, vehicles…”. For Santiago ArellanoCyber Account Manager of Datos101, “the key to NIS2 is that it includes very specific details about prevention, crisis management, incident response, ‘cyber’ tests or the need to use encryption”.
News in the sanctioning field
Beyond the extensions in the scope and improvement of coordination and cooperation, the NIS2 shows novelties related to the sanctioning regime. This new directive speaks of proportional and dissuasive sanctions. However, it will be necessary to wait for the transposition of the law to know how it will affect it. It should be noted that the NIS1 included fines of between 500,000 and 1,000,000 euros for very serious offences.
Santiago Arellano, Cyber Account Manager of Datos101, emphasize that “The most immediate economic effect of NIS 2 will not come from the sanctions, but from the need to apply the new cybersecurity requirements. These requirements will focus on risk management and companies will become responsible for the actions of their suppliers and suppliers”.
