NIS2 Directive

The NIS2 Directive is an EU-wide cybersecurity directive that came into force in January 2023, replacing its predecessor NIS1 from 2016. It obliges companies and organizations in critical and important sectors to introduce comprehensive risk management for their IT infrastructures, report security incidents, and comply with minimum cybersecurity requirements. Compared to its predecessor, NIS2 significantly expands the range of affected organizations and provides for considerably stricter sanctions in the event of violations.

The central aspect of the NIS2 Directive is the obligation to actively manage risk. Affected organizations must not only implement technical protective measures, but also be able to demonstrate that they systematically identify, assess, and address security risks. This includes measures to secure supply chains, access controls, encryption, and the protection of endpoints and networks.

For companies and authorities falling under NIS2, the directive means one thing above all: IT security, which has often been handled informally up to now, must be moved into structured, documentable processes. The management of mobile endpoints comes into particular focus here, because smartphones, tablets, and laptops are frequently used outside protected network environments and therefore carry an increased attack potential that must be addressed from a regulatory standpoint.

The key benefit of structured endpoint management in the NIS2 context lies in auditability. In the event of an incident, organizations must be able to demonstrate that their devices were configured in a compliant manner, kept up to date, and secured against unauthorized access. A central management solution provides exactly this documentation automatically and in an audit-proof manner.

NIS2 sets specific technical and organizational requirements that can only be met on a sustainable basis if endpoints are systematically managed and secured. Organizations that rely on a GDPR-compliant approach that can be deployed on premises simultaneously fulfill the requirements for digital sovereignty.