Critical Infrastructure Security

NIS Directive & NIS2 Compliance for Essential Services

Cipher Knights provides comprehensive NIS Directive and NIS2 compliance services for Operators of Essential Services (OES) and Digital Service Providers (DSP). Protect critical infrastructure and meet regulatory requirements.

NIS2 Deadline: October 2024

  • Maximum NIS2 Fine: €10M
  • Incident Notification: 24hrs
  • Critical Sectors: 18
  • EU Entities Affected: 100K+

Who Must Comply

NIS2 Affected Sectors

NIS2 expands coverage to 18 critical sectors, covering both Essential and Important entities.

Energy

Electricity, gas, oil, hydrogen

Transport

Air, rail, water, road

Banking

Financial market infrastructures

Water

Drinking water, wastewater

Health

Healthcare providers, labs

Digital

Cloud, DC, CDN, DNS, MSP

Key Requirements

NIS2 Compliance Pillars

Risk Management

Implement comprehensive cybersecurity risk management measures.

  • Risk analysis and information system security
  • Incident handling and business continuity
  • Supply chain security
  • Security in network and information systems

Incident Reporting

Multi-stage incident notification requirements.

  • Early warning within 24 hours
  • Incident notification within 72 hours
  • Final report within 1 month
  • Service user communication

Management Accountability

Senior management is personally liable for compliance.

  • Board-level oversight required
  • Cybersecurity training for management
  • Personal liability for negligence
  • Temporary management bans

Our Services

NIS Directive Compliance Support

NIS2 Gap Analysis

Comprehensive assessment against NIS2 requirements using the NCSC Cyber Assessment Framework (CAF). Identify gaps and prioritise remediation.

  • CAF Assessment
  • Gap Report
  • Remediation Roadmap

Risk Management Framework

Implement comprehensive risk management aligned with NIS2 requirements, including supply chain security and third-party risk.

  • Risk Assessment
  • Supply Chain Security
  • Third-Party Risk

Incident Response & Reporting

Establish incident response capabilities that meet the NIS2 24/72-hour notification requirements, with regulator liaison support.

  • IR Plan Development
  • 24/7 Response
  • Regulatory Reporting

Documentation & Evidence

Develop comprehensive documentation demonstrating NIS2 compliance, including policies, procedures, and audit evidence.

  • Policy Development
  • Compliance Evidence
  • Audit Preparation

Evolution

NIS Directive vs NIS2

| Requirement | NIS Directive (2016) | NIS2 (2024) |
|---|---|---|
| Scope | OES and DSP in 7 sectors | Essential & Important entities in 18 sectors |
| Maximum Fine | Varies by Member State (UK: £17M) | €10M or 2% global turnover (Essential); €7M or 1.4% (Important) |
| Incident Reporting | "Without undue delay" | 24hr early warning, 72hr notification, 1 month final |
| Management Liability | No specific provisions | Personal liability, temporary bans, public disclosure |
| Supply Chain Security | Limited requirements | Mandatory supply chain risk management |

Prepare for NIS2 Before October 2024

Schedule a free NIS2 readiness assessment and ensure your organisation is compliant.