Get ready for the NIS2 Directive with an end-to-end encrypted platform
Is your organization ready for NIS2?
Is the upcoming NIS2 directive a concern for you? In this webinar recording, our experts discuss the key requirements and provide practical implementation tips.
Learn about:
- Affected sectors and core NIS2 requirements
- How to strengthen your cybersecurity
- Preparing for audits and reporting
NIS2 is the order of the day - prepare for it
Recommendations in cybersecurity are no longer enough – actions are needed. This is where the European Cybersecurity Directive NIS2 will make a difference. Businesses must take concrete steps by October 2024. Otherwise, they risk costly ramifications and even serious sanctions for senior executives.
Connected digital processes, rampant cyber attacks, and a growing hybrid workforce are just a few symptoms of our highly tech-reliant business world. The impact of security breaches on critical infrastructures can extend beyond business losses, putting the economy and society at risk.
2025: By January, entities must submit first reports about their NIS2 measures to the national authorities.
2024: By October, Member States have to transpose NIS2 into their national laws.
Effectively stand up to the rigor of NIS2
- The NIS2 (Network and Information Systems) Directive marks the European Union’s aim to strengthen the cyber resilience of a highly digital and risk-exposed economy and society. Compared to its predecessor NIS1, the new directive introduces stricter cybersecurity measures for a broader number of sectors deemed critical for businesses’ and citizens’ everyday life.
- The directive applies to a range of entities operating in 11 essential and 7 important sectors. Company size and turnover are the rule of thumb for deciding which company falls under the directive. Both entity groups must fulfill the same requirements. However, essential entities, considered critical for society’s functioning, will be proactively supervised, whereas important entities will undergo scrutiny only after non-compliance is reported.
- Entities must take the following measures (Art 21) to protect their network, information systems, and physical environment from incidents:
  - Risk analysis & information system security
  - Incident handling
  - Business continuity measures
  - Supply chain security
  - Security in system acquisition, development & maintenance
  - Policies and procedures to assess the effectiveness of cybersecurity risk management measures
  - Basic cyber hygiene practices and cybersecurity training
  - Policies and procedures on the use of cryptography and encryption
  - Human resources security, access control policies and asset management
  - Use of multi-factor authentication, secured voice/video/text communication and secured emergency communication
- NIS2 defines stricter fines for non-compliance and personal accountability on senior management level:
  - For essential entities: administrative fines of up to €10 million or 2% of the total annual global revenue in the previous fiscal year, whichever amount is higher.
  - For important entities: administrative fines of up to €7 million or 1.4% of the total annual global turnover in the previous fiscal year, whichever is higher.
- NIS2 places great emphasis on cloud security. The new directive has not just been extended to cloud providers, but also reinforces the reliance on secure cloud solutions by adding supply chain security as a new requirement. In addition, NIS2 mandates that security should be a priority whenever a new system is deployed, developed, or maintained. No wonder that cloud security is embedded throughout the NIS2 lingo. Multi-purpose cloud platforms secured by state-of-the-art cryptography can help you fulfill many of the NIS2 requirements.
- Both legislative frameworks have been established by the EU to enhance cybersecurity and operational resilience. While NIS2 applies to a broader industry spectrum, DORA (Digital Operational Resilience Act) focuses specifically on the financial sector. NIS2 is a directive, whereas DORA is a regulation. NIS2 sets a course with the obligation for the EU Member States to transpose it into their national law. DORA is binding legislation for all Member States after its entry into effect in January 2025.
- Here are the key preparation steps that help you set up your organization for NIS2 compliance success:
  - Understand the scope and requirements of NIS2
  - Identify your organization’s gaps in the context of NIS2
  - Establish a holistic cybersecurity framework to close the gaps
  - Implement the legal, technical, and organizational measures
  - Design regular audit practices to ensure the effectiveness of your NIS2 strategy
The NIS2 Directive, in a nutshell
Tresorit supports service providers on their NIS2 journey and beyond
Easily implement the NIS2 cybersecurity standards across your content workflows
Other NIS2 industry groups can also rely on Tresorit
Water supplies
Digital infrastructure
Transport
Energy
Public sector
Space travel
Electronic communication
Waste water
Digital service providers
Production of chemicals
Postal and courier companies
Waste management
Food
Digital services and data center
Research
Manufacturing
*Essential entities include the original NIS1 critical infrastructures, along with new sectors added under NIS2. As a new category introduced in NIS2, important entities cover a wider but less critical range of sectors. Company size and turnover also play a role when determining if your organization is impacted by NIS2.
One platform, multiple benefits
Automatic end-to-end encryption & zero-knowledge
that your employees, clients, and partners cannot bypass - and bad actors will never be able to exploit.
One platform for secure storing, sharing & signing
that have been built for securing your entire document management lifecycle - without risky system switches.
Utmost security for external & internal file sharing
that helps you facilitate risk-free collaboration across your supply chain, client base, and entire organization.
A platform designed for compliance
that has proven to be the perfect choice for the strictest regulatory requirements - GDPR, HIPAA, TISAX, FINRA, including NIS2 & DORA.
Intuitive interface & integrations
that naturally adapt to your work style while supporting secure work habits - whenever you touch on a sensitive document.
Strong access & sharing controls at your fingertips
that empower you to regain control over your data flow, supervise who can access your content and when, and detect suspicious events in time.
How can Tresorit help you meet the NIS2 requirements?
- NIS2 article 21, (2)h
Ensure automatic encryption for all your collaboration
Implement strong encryption in seconds. Enforce its use without hassles. Built-in encryption offers you the shortcut to genuine security habits. Tresorit’s zero-knowledge end-to-end encryption makes it impossible for unauthorized parties to access your internal and external communications.
- NIS2 article 21, (2)e
Encrypt the channels of your vulnerability disclosure
Prevent your vulnerability analysis from falling into the wrong hands. Tresorit ensures that detected security flaws will stay between you and your trusted partners.
- NIS2 article 21, (2)h
Fortify your supply chain’s security posture
Tresorit ensures risk-free collaboration across your supply chain. Ensure business secrecy, seamless information sharing, and integrated document signing via Tresorit’s secure data rooms. Use email encryption and hit the button with full peace of mind.
- NIS2 article 21, (2)i
Automate & enforce strong access control policies
Keep the information exchange inside and outside of your company in check, with granular security controls, watermarks, and audit logs. Enforce 2FA, supervise, and analyze how people interact with your content – from sharing to requesting files, from data room collaboration to signing.
- NIS2 article 21, (2)b
Bolster your incident handling processes
Act promptly whenever an incident occurs, without extending your attack surface. Set up a confidential data room immediately to speed up detection and recovery. With Tresorit, you can easily exchange sensitive information with competent personnel, authorities, and CIRTs.
- NIS2 article 21, (2)g
Effortlessly empower cyber hygiene practices
Instill secure work routines into your company’s culture with no hassles. A user-friendly tool with automatic encryption from sender to receiver and versatile security controls is the best way to go.
- NIS2 article 21, (2)c
Business continuity with a platform built for resilience
Deliver friction-free services even in the face of an attack. With backup files securely stored in our cloud, you can bounce back in no time. Your collaborative processes can smoothly flow with 24/7 access to your files from anywhere - no matter the severity of the incident.
- NIS2 article 21, (2)e
Ensure security in system acquisition, development & maintenance
Replace your disjointed ecosystem of apps with a single secure platform. Centralize your company’s sensitive content flow into a protected workspace, built in line with the Secure Software Development Lifecycle principles.
Customer success stories
Resources
Learn how to guarantee information security with end-to-end encryption