News

Decoding NIS2: Cybersecurity compliance in the EU

Decoding nis2 cybersecurity compliance how devolutions help

The NIS2 Directive has introduced rigorous cybersecurity requirements across critical sectors in Europe, raising the bar for compliance. This article examines NIS2’s implications and how Devolutions' tools support IT teams in meeting compliance requirements and bolstering cyber resilience.

Coralie Lemasson

Meet Coralie, the Product Marketing Writer and Editor at Devolutions who brings literary insight to every piece of content she creates. Her formal training in English education has paved the way for a career centered on her love for language and writing. Outside the office, Coralie enjoys the finer things in life — lattes, wine, and interior design — and the nerdier things, like Star Trek, board games, and deep theological discussions. She shares her life with her curious equine companion, Arrakis, who’s as introverted, clumsy, and food-motivated as she is. Arrakis reminds her daily that while words and semantics are vital, true communication transcends the spoken and written word. Interactions based in honesty and goodwill can bridge the widest gaps — whether between humans, or species.

View more posts

With the NIS2 compliance deadline behind us as of October 17, 2024, IT professionals and organizations across the Europe Union (EU) are now facing increased pressure to comply with these newly enhanced cybersecurity standards. The NIS2 Directive represents a landmark effort in cybersecurity governance, aiming to secure critical infrastructure and protect essential services from the ubiquitous threat of cyberattacks. This article examines what NIS2 entails, who it affects, and how Devolutions supports organizations in meeting the Directive’s standards.

Understanding NIS2

The Network and Information Systems Directive (NIS2), an update to the 2016 NIS Directive, is the EU’s renewed initiative to fortify cybersecurity. As a response to rising digital threats, NIS2 standardizes cybersecurity practices across member states, fostering stronger defenses, streamlined incident response, and improved cooperation within the EU. This framework mandates essential and important organizations to adopt comprehensive cybersecurity measures that protect their critical services, uphold cross-border data integrity, and prevent disruptions that could harm public safety or economic stability.

The Directive’s timeline unfolded as follows:

  • NIS2 was officially enacted on December 27, 2022.
  • Enforcement began January 16, 2023.
  • EU member states were tasked with integrating NIS2 into their national legislation by October 17, 2024.

Implications for affected organizations

NIS2 applies broadly to entities that operate in critical sectors, ranging from healthcare and public administration to postal services and waste management. The Directive classifies organizations into two groups:

1- Essential entities: Large-scale organizations that provide vital services with potential widespread consequences if disrupted. Some examples of essential entities include:

  • Digital infrastructure (DNS, TLD, data centers, cloud services, telecommunications, etc.)
  • Finance
  • Health

2- Important entities: Smaller, but strategic organizations whose security practices are crucial for national and EU-wide cybersecurity. Some examples of important entities include:

  • Digital providers (search engines, online market, social networks, etc.)
  • Food (farming, food processing, packaging, transportation, retail, etc.)
  • Manufacturing (medical devices, computers and electronics, machinery and equipment, motor vehicles, trailers and semi-trailers, etc.)

NIS2 sets strict incident reporting requirements for all organizations under its scope. Organizations are now responsible for rapid reporting and effective management of security incidents, with multi-stage reporting processes designed to ensure transparency and coordination across borders.

Implications for IT professionals

For IT teams operating in these essential or important entities, NIS2 introduces specific cybersecurity requirements around incident response, supply chain security, risk assessments, and data protection. Each of these elements requires thoughtful implementation, proactive monitoring, and often an increase in technological support to meet compliance standards.

How Devolutions can support cybersecurity initiatives

While NIS2 focuses heavily on risk assessment and incident reporting, Devolutions’ suite of tools offers essential solutions that help organizations advance toward their cybersecurity objectives in line with NIS2’s guidelines. Notably, Devolutions PAM (privileged access management) offers compliance features like:

  • Remote access management
  • Administrative reports and auditing
  • Check-in and check-out information, such as a ticket number, just-in-time (JIT) access, justification for the check-out, and the length of privileged account access time

Furthermore, Devolutions PAM, Remote Desktop Manager (RDM), and Devolutions Gateway make up the perfect session recording trifecta for providing a record of what a user did while a remote connection was open in RDM or in a web session.

Devolutions Hub Business, Devolutions Server, and Remote Desktop Manager were all designed to streamline credential and session management for IT teams, and all support multi-factor authentication (MFA) — another key element in reducing risk (learn more about authentication in Devolutions Hub, Devolutions Server, and Remote Desktop Manager, respectively).

Although NIS2’s requirements address cybersecurity frameworks more broadly, our tools enable IT teams to uphold secure environments in practical ways by centralizing and protecting critical access points. Recognizing that compliance efforts can be complex and frustrating, Devolutions is committed to making tools that are seamless to implement and use. Our solutions are designed to reduce friction for teams working toward compliance, helping organizations focus on their core security objectives while strengthening their cyber resilience at the user level.

Conclusion

The NIS2 directive sets a new standard in cybersecurity across the EU — a standard grounded in strategic principles yet demanding practical, day-to-day solutions for effective implementation. For IT professionals worldwide, the directive signals a need to reassess and bolster cybersecurity frameworks with strategies and technologies to protect critical services and lay a strong foundation for compliance. To explore practical solutions that align with industry best practices, consider booking a discovery call with us to learn more about how our PAM solution can support your compliance and security objectives.

Related Posts
devolutions-is-on-bluesky

Devolutions is on Bluesky

Devolutions is now on Bluesky! Join us on this emerging platform for timely, useful content, including technical insights, while we keep things 'business as usual' on X. Stay connected!

Read more News posts