The EU has introduced new cybersecurity regulations that apply to many companies providing essential services or producing critical goods for society. The aim of NIS2 is to strengthen and standardize cybersecurity, making the EU more resilient to cyber threats. As a result, stricter requirements now apply to several sectors, focusing on risk management, control, reporting, and supervision. The deadline for implementation is July 1, 2025.

At DI-Teknik, we focus on the requirements NIS2 places on enduser, and especially how it will also affect your critical production equipment, applications and installations. This applies from your OT infrastructure to the last controller in your system.

About NIS2

NIS2 is the common name for EU Directive (EU) 2022/2555, which establishes measures to ensure a high level of cybersecurity across the EU.

The NIS2 directive builds on and replaces the previous EU Directive on the security of network and information systems (NIS1 Directive). This directive strengthens and broadens the requirements for how companies must approach risk management, implement security measures, and prepare for handling cyberattacks.


Is your company covered by NIS2?

The requirements will apply to sectors considered critical to a country, including energy, transport, finance, health, water, digital infrastructure, public services, space, postal services, waste management, and manufacturing/enduser (such as chemicals, food, pharmaceuticals, electronics, machinery, and vehicles).

However, it is not just the sector that determines whether a company is covered by NIS2. The next factor to consider is the company’s size. Only companies that meet the EU Commission’s definition of medium-sized enterprises or larger are included.

Your company is therefore subject to NIS2 if it meets one or more of the following criteria:

  • More than 50 employees
  • +75 mio. dkr. in revenue (+10 mio. EUR)
  • +75 mio. dkr in total assets
    (+10 mio. EUR)


A typical enduser company

In a enduser company within critical infrastructure – for example a bank or a hospital – one will typically look at all critical production applications and utility systems that need to be covered, secured and monitored:

The necessary systems

  • IT/ERP
  • Building Operations
  • Work facilities

The critical systems

  • Access control
  • Cooling
  • Heat
  • Ventilation (HVAC)
  • Electricity distribution

Supplies

  • Electricity, gas and water supply
  • Emergency supplies, e.g. generator or UPS systems
  • Cooling and heating


5 steps

How to get ready for NIS2!

Complying with the requirements of the NIS2 Directive requires both structure and targeted efforts. Our method for handling NIS2 requirements is divided into five steps, with each step contributing to building solid and systematic security work.


David Søndergaard
das@di-teknik.dk
Mobile +45 28 88 24 88

Jesper Amsinck
jak@di-teknik.dk
Mobile +45 30 17 00 56

Contact us