The NIS2 substantially broadens the scope of the original NIS Directive, which previously applied only to ‘Operators of Essential Services’ and ‘Digital Service Providers’. Going forward, the NIS2 will apply to a larger pool of service providers as long as they qualify as ‘essential’ and ‘important’ entities under the directive.
As mentioned above, the scope of the NIS 2 Directive has been significantly expanded and now spans 18 distinct sectors of activity. These sectors, as delineated in the directive, fall into two primary categories: highly critical and critical.
Highly critical sectors encompass energy (electricity, district heating and cooling, petroleum, natural gas, hydrogen), transport (air, rail, water, road), and banking. Entities within these sectors will now be classified as either significant entities (EI) or essential entities (EE). This represents a departure from the original NIS directive, which addressed "Essential Service Operators" (OSEs) and "Digital Service Providers" (DSPs).
However, not all organisations operating in the defined sectors will fall within the scope of NIS2: business owners will also need to look at the location of their activities and the size of their business (as defined in terms of European law). Because NIS2 introduces the new principle that organisations meeting the criteria automatically fall within scope and are required to register themselves, it is highly recommended to carry out a scoping exercise to map the potential impact of the regulation.
At PwC, we support companies by providing comprehensive solutions tailored to compliance with the NIS 2 Directive. Our services encompass assessments, compliance support, and executive training.
We conduct thorough assessments to evaluate your current systems and processes, identifying areas that require attention to align with NIS2 requirements;
Our teams offer hands-on compliance support for the Directive and its local transposition, helping to implement the changes made necessary by the Directive's requirements and the landscape of cyber risks;
We provide targeted training sessions for Top Management, empowering them with the knowledge and skills needed to understand cyber risks, guide the organisation's cyber strategy, and thus ensure compliance with NIS2 regulations, as they will be accountable for any breach of the company’s obligations.
With our approach, we aim to safeguard your business integrity and foster success in an evolving regulatory landscape.