The new EU NIS 2 Directive (Network and Information Security Directive) has entered into force and will be transposed into Swedish law through the Cybersecurity Act, which is expected to enter into force on January 1, 2025. The directive aims to improve protection against cyber attacks and strengthen digital resilience.

Companies covered by NIS 2 must now meet stricter requirements on security measures and incident reporting. This includes requirements for risk management, incident reporting within 24 hours, and measures to protect critical infrastructure and services. Non-compliance can result in significant penalties.

The NIS 2 Directive states that the risk management measures it covers are consistent with those found in international standards, such as the ISO 27000 series. To facilitate compliance, organizations covered by the NIS 2 Directive should therefore consider implementing ISO 27001.
