Identity Governance will be a Key to NIS2 Compliance

In January 2023, the European Union’s (EU) updated Network and Information Security Directive, NIS2, came into force. EU Member States will have 21 months to transpose the articles of the Directive into their national legislation, with a due date of October 17, 2024.
The requirements of the directive will have implications at the regional, national, and organisational level. The updated directive increases its scope and coverage in terms of the industry sectors covered and the size of organisations it will apply to — expanding coverage down to midsized companies.
With that in mind, IDC believes that all organisations in EU member states should familiarise themselves with the requirements of the directive and begin shaping their cybersecurity strategy for the next 18 months to ensure they are both compliant and secure when the updated directive comes into force.
Post-Brexit, the requirements of the NIS2 directive will not apply to the UK overall. Nevertheless, NIS2 states that organisations providing their services in the EU will still need to comply with the directive. So, for example, cloud service providers that are not headquartered in the EU will fall under the jurisdiction of the EU member state where they have their “main establishment.” Additionally, note that the UK is also strengthening its cybersecurity standards, with the publishing of a National Cyber Strategy in December 2022 and pending updates to the country’s Network and Information Systems Regulations.