NIS2

EU directive aimed at raising the bar for information and cyber security

The second EU Network and Information Systems Directive, or NIS2 for short, is similar to the GDPR in that it is another EU directive aimed at raising the bar for information and cyber security. While the GDPR focused primarily on the protection of personal data, NIS2 focuses on higher cybersecurity standards for critical and important sectors. Like the GDPR, the NIS2 directive applies to both the public and private sectors. The directive establishes requirements for information and cyber security management and implementation, which all companies and organisations on the list of critical and important subjects must adhere to.

Lithuania has been among the first EU countries to update its cybersecurity law according to the Directive and organisations are actively implementing the specific requirements set out in the updated Cybersecurity Law of the Republic of Lithuania.

How is NIS2 different from NIS1?

Compared to NIS1, the scope of companies to which the new version of the directive will apply is significantly expanded. In addition to expanding the critical sectors, important sectors are also added. The application of the directive to these areas will differ in that organisations in critical sectors will have to provide ongoing proof of their cyber security status, while those in important sectors will only be checked in the event of an incident.

  • Critical sector organisations: 250 employees, annual turnover of 50 million euros.
  • Important organisations: 50 employees, annual turnover of 10 million euros.

These criteria may vary depending on the sector. An organisation can be considered critical regardless of its size if it is the sole provider of a critical service. This will also affect some companies indirectly, as they will be service providers (third parties) to these companies, and their attention to cybersecurity will also need to be verified.

10 essential entities according to NIS2

  • Transport
  • Waste water
  • Healthcare
  • Public administration
  • ICT services
  • Energy
  • Space
  • Drinking water
  • Financial services
  • Banking

7 important entities according to NIS2

  • Digital providers
  • Chemicals
  • Research
  • Manufacturing
  • Food production
  • Waste management
  • Postal services

We can help you with

Cyber threat monitoring
Our managed SOC services provide centralised monitoring of cybersecurity events and remediation of cyber threats. CyberSOC services are available on a 9/5 or 24/7 basis, depending on the client’s needs. During the provision of all services, cybersecurity analysts will actively analyse the incoming security events using the most advanced technologies, assessing their criticality and impact on your IT infrastructure.

vCISO
Cybersecurity Officer, Security Officer, ISO, CISO: all these job titles usually refer to the same person, the one who makes sure that all the technical and organisational controls are in place. Our managed CISO services will help your organisation with the necessary documents and policies, keep them up to date, maintain them and organise cyber resilience activities.

Processes and procedures compliance
We will collect information about the cybersecurity measures and security processes implemented in your company and assess how they comply with the priority security areas set out in the updated Cybersecurity Law in your country. Our competent team of IT security auditors will help you test your IT security posture and assess compliance.

Have a chat with our consultants

Augustinas Daukšas

Cybersecurity consultant | CEH, CISA, CISM

Beatričė Lenauskaitė

Cybersecurity consultant

Our focus: cybersecurity solutions, consulting, and other services

We are a European company with global outreach and help organisations to secure their digital environments. Our experts have extensive experience in cybersecurity incident management, auditing, security operations centres and other services.

Find out more about NRD Cyber Security

Our customer stories

CISO services for the ROIX crowdfunding platform
Cyprus: National CSIRT establishment
ENISA: The development of a cybersecurity crisis maturity assessment model
Enhancing internal fraud prevention for Šiaulių Bankas
Natrix and CyberSet deployed for CSIRTMalta
Natrix threat monitoring platform for Egypt's financial sector
Assessment of the level of cybersecurity governance, and the security of the critical national infrastructure in Serbia
Assessment of the cybersecurity ecosystem in Bosnia and Herzegovina
Analytical study "Analysis of Cyber Threats to Lithuania's Critical Energy Infrastructure and Financial Sector"