Let's get your organization ready for NIS2

EU NIS2 Directive

Select Language

The Network and Information Security 2 Directive (NIS2) is legislation that aims to establish a high, common level of cybersecurity across member states of the European Union. Here’s what you need to know to be successful, and how ABB can help you during your journey.*

Ready to get started?

What

What is NIS2?
The European Union (EU) introduced the Network and Information Security 2 Directive in December 2022 as an update to the original EU cybersecurity rules introduced in 2016. The NIS2 Directive is legislation that modernizes the existing legal framework to keep pace with increased digitization, and an evolving cybersecurity threat landscape.

NIS2 expands the scope of EU cybersecurity rules to new sectors and entities with the goal of improving the resilience and incident response capacities of public and private entities, competent authorities, and the EU as a whole. This new directive is also a positive step for all citizens of the EU because it aims to secure the critical infrastructure that all EU citizens need and rely on.

What’s the difference between NIS and NIS2?
Introduced in 2016, Directive (EU) 2016/1148 (the NIS Directive) was the first piece of EU-wide legislation on cybersecurity. It introduced a significant change in how members states of the EU approached cybersecurity. NIS2 replaces the NIS Directive, providing legal measures to boost the overall level of cybersecurity in the EU. NIS2 also addresses several weaknesses that prevented the NIS Directive from unlocking its full potential. NIS2 widens the scope of the rules to more industries, strengthens risk and incident management and cooperation, and introduces stronger penalties and other compliance requirements to achieve a high, common level of cybersecurity across the EU.

NIS2 Document

Looking for the directive?

Open document

Who

Which industries are affected by NIS2?
NIS2 affects all EU organizations, industrial and non-industrial, including their suppliers, in critical sectors.

Other critical sectors

Energy: Electricity, oil, gas, heat, hydrogen
Health: Healthcare providers, labs, R&D, pharma
Transport: Air, rail, water, road
Banks and financial markets
Water and wastewater
Digital: IXP, DNS, TLD, DC, CSP, CDN, TSP, MSP, MSSP
Public administration

Other critical sectors

Postal and courier
Waste management
Chemicals
Food
Manufacturing technology and engineering
Digital services: Social, search, markets
Research

Compliance jurisdiction
Essential and important entities within the sectors of high criticality and the other critical sectors listed above are under the jurisdiction of the Member State where they provide their services. If the entity provides services in more than one Member State, it should fall under each Member state's jurisdiction. Entities where the service is provided or dependent on operations outside the EU should ensure the continuity of their EU services in case of disruption of their non-EU operations.

Does NIS2 affect your industry?

Learn more

What steps must you take?

NIS2 describes 10 categories of cybersecurity risk-management measures that firms must implement, + substantial reporting requirements.

Watch video overview to learn more

Policies on risk analysis and information system security.
Operators must conduct a cybersecurity risk assessment of production systems and define critical components.

ABB conducts IEC 62443-based risk assessments of any production system independent of the ICS vendor.

Cyber Security Risk Assessment

Learn more

Watch video

Improved incident handling.
Operators must detect cybersecurity compromises and incidents and report these incidents to the asset owner.

ABB provides tools and services to help you detect and respond to incidents.
How ABB can help:

Learn more

Watch video

Improvements in business continuity planning...
Operators must define their procedures to ensure prompt restoration of production in case of a cyber incident, starting with the business impact analysis.

ABB helps with contractual commitments of resources with appropriate response times and creating technical recovery plans. How ABB can help:

Learn more

Watch video

Supply chain security, including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers in order to harden one of the most common attack vectors. Operators must determine IS requirements for their direct suppliers, and establish programs for supplier monitoring and verification (supplier audits).

ABB got you covered with our certifications (ISO/IEC 27001, IEC62443-2-4), and monitoring of suppliers.
Learn more:

ABB's Cyber Security Requirements for Suppliers

Learn more

Watch video

Security in network and information systems acquisition, development, and maintenance, including vulnerability handling and disclosure. Operators must specify requirements for the entire information system lifecycle (planning, development, testing, maintenance, replacement).

ABB's development process is based on industry standards and are certified.
Learn more::

Learn more

Watch video

Policies and procedures to assess the effectiveness of cybersecurity risk management measures. Operators must establish procedures for evaluating the effectiveness of protective measures in the area of information security.

ABB helps you with stay on top of your security with solutions and services.
Learn about our:

Learn more

Watch video

Basic cyber-hygiene practices and cybersecurity training to improve organizational preparedness and resilience. Operators must ensure that they assign only service-provider personnel to automation-solution-related activities.

ABB improves your team's capacity to recognize and tackle cyber threats.
How ABB can help:

Security Training

Learn more

Watch video

Policies and procedures regarding the use of cryptography and encryption to harden organizations against attacks. Operators must develop definitions and documentation for use of cryptography, encryption, and signing in to information systems.

ABB helps implement cryptographic measures, including encrypted communication, signed software packages, and secure remote access.
How ABB can help:

Remote Access Platform
IPSec at the HMI level

Learn more

Watch video

Increased human resources security, access control policies, and asset management to encourage a culture of cybersecurity awareness. Service providers must create and maintain an inventory register, and ensure that their automation solutions support account management.

ABB can assist you in creating procedures that promote a culture of cybersecurity and securely manage users and accounts.
Learn about our.

ABB Ability™ Cyber Security Workplace with asset inventory and OTPs for administrative support accounts

Learn more

Watch video

Multi-factor authentication or continuous authentication solutions, secured voice, video and text communications, and secured emergency communication systems to protect networks against the latest threat actors and tactics. Service providers must support multi-factor authentication for automation solution workstations as required by asset owners.

ABB supports multifactor authentication at the HMI level.
How ABB can help:

Consultancy services to implement MFA

Learn more

Watch video

Notify without undue delay and, in any event, within 24 hours after having become aware of the incident.
The act of notification does not make the notifying entity subject to increased liability.

The first step is to detect incidents and hopefully prevent the malicious actor access to the systems. ABB can help with our monitoring solutions.
Learn about our:

ABB Ability™ Cyber Security Event Monitoring with Incident Response

Learn more

Watch video

How

What are your organization’s next steps (and who can help you)?
As an organization that must comply with NIS2, you need to understand your compliance and reporting obligations, and perhaps find a partner to help you on the journey. For example, you must notify the appropriate authorities, without undue delay, of any significant cyber threat that you identify that could have resulted in a significant incident.

Standardization (Article 25 of the Directive)
To promote the convergent implementation of Article 21(1) and (2), Member States shall, without imposing or discriminating in favor of the use of a particular type of technology, encourage the use of European and international standards and technical specifications relevant to the security of network and information systems.

Incident notification

NIS2 imposes notification obligations in phases, for incidents which have a “significant impact” on the provision of their services.
These notifications must be made to the relevant competent authority or CSRT (Computer Security Incident Response Team).

Learn more about Cyber security regulation and attack detection: a guide to compliance.

Download Brochure

When

When must you act?
If your organization is affected by NIS2, you have until October 17, 2024, to adopt and publish the measures necessary to comply with the NIS2 Directive. There are other key deadlines, too.

ABB support and solutions

Partner with ABB to meet the NIS2 Directive with confidence

The ABB Ability™ Cyber Security portfolio reduces cyber risks by implementing security controls with a defensible architecture enabling customers to identify and address cyber threats before they create harm.

Consultancy

Address threats before they cause harm

ABB cyber security consultants help customers assess their security risk and plan appropriate improvements. Improvements may include elements from our portfolio of cyber security solutions or custom-designed solutions that best meet your specific needs.

Learn more

Technology

Deploy ABB-validated industrial cyber security technology

We offer a complete portfolio of cyber security solutions developed for industrial systems. Leveraging a complementary suite of ABB-engineered solutions and products from our partner ecosystem, we ensure all offerings seamlessly integrate to drive cyber security resiliency.

Learn more

Services

Stay secure while minimizing risks to production

ABB provides a range of cyber security services to help you stay secure and minimize the risk to your production. ABB industrial cyber security experts can extend your security team to maintain your security posture, monitor your system, and respond to incidents.

Learn more

Wondering where to start?

You likely have questions around NIS2 and how it impacts your organization. ABB Ability™ Cyber Security offers a comprehensive solution. Our industrial cyber security experts can help to reduce the likelihood and impact of a cyber incident and have deep experience in guiding customers through such compliance transitions.

Let’s collaborate to ensure your compliance with the EU NIS2 Directive.

* Disclaimer: Please note that the information provided on this page is not intended to be legal advice. It is based on the EU NIS2 Directive. It is important to note that a final decision on whether companies are affected can only be made after NIS2 is transposed into national law. Our recommendations are just a small part of the preparations that should be carried out. Despite our best efforts, errors may still exist in the content. Therefore, ABB will not be held liable for any damages.

Neem contact op

Verstuur uw aanvraag en wij nemen zo snel mogelijk contact met u op.
Neem contact op

Select region / language

Europe
Americas
Middle East and Africa
Asia and Oceania

Global - English
Austria - German
Belgium - Dutch | French
Bulgaria - Bulgarian
Croatia - Croatian
Czech Republic - Czech
Denmark - Danish
Estonia - Estonian
Finland - Finnish
France - French
Germany - German
Greece - Greek
Hungary - Hungarian
Ireland - English
Italy - Italian
Latvia - Latvian
Lithuania - Lithuanian
Luxembourg - French
Netherlands - Dutch
Norway - Norwegian
Poland - Polish
Portugal - Portuguese
Romania - Romanian
Russia - Russian
Serbia - Serbian
Slovakia - Slovakian
Slovenia - Slovenian
Spain - Spanish
Sweden - Swedish
Switzerland - French | German | Italian
Turkiye - Turkish
United Kingdom - English

Global - English
Argentina - Spanish
Aruba - Spanish
Bolivia - Spanish
Brazil - Portuguese
Canada - English | French
Chile - Spanish
Colombia - Spanish
Costa Rica - Spanish
Dominican Republic - Spanish
Ecuador - Spanish
El Salvador - Spanish
Guatemala - Spanish
Honduras - Spanish
Mexico - Spanish
Panama - Spanish
Peru - Spanish
Puerto Rico - Spanish
United States of America - English
Uruguay - Spanish

Global - English
Algeria - English | French
Angola - English | French
Bahrain - English | French
Botswana - English | French
Cameroon - English | French
Côte d'Ivoire - English | French
Egypt - English | French
Ghana - English | French
Israel - Hebrew
Jordan - English
Kenya - English | French
Kuwait - English
Lebanon - English
Madagascar - English | French
Mali - English | French
Mauritius - English | French
Morocco - English | French
Namibia - English | French
Nigeria - English | French
Oman - English
Pakistan - English
Palestine - English
Qatar - English
Saudi Arabia - English
Senegal - English | French
South Africa - English
Tanzania - English | French
Tunisia - English | French
Uganda - English | French
United Arab Emirates - English
Zambia - English | French
Zimbabwe - English | French

Global - English
Australia - English
Bangladesh - English
China - Chinese | English
India - English
Indonesia - English
Japan - Japanese
Kazakhstan - Russian
Malaysia - English
Mongolia - Mongolian | English
New Zealand - English
Philippines - English
Singapore - English
South Korea - Korean
Sri Lanka - English
Taiwan (Chinese Taipei) - Chinese - Traditional
Thailand - English
Vietnam - English