TÜV NORD GROUP offers NIS-2 awareness check

The European Union has decided to introduce the new IT security directive NIS-2 to strengthen the cyber resilience of essential and important companies in the member states. The new EU directive came into force on January 16, 2023. It must be transposed into national law by the member states by October 17, 2024 at the latest, without any transitional periods. By then, significantly more companies will have to comply with the requirements than under the previous NIS-1 directive from 2016 - including small and medium-sized enterprises. The challenge is that companies will have to determine for themselves whether they fall within the scope of NIS-2. TÜVIT, a subsidiary of the TÜV NORD GROUP, is now offering an impact check to help companies determine whether they are affected by the requirements of this new EU directive.

NIS-2 applies to companies with 50 or more employees and a turnover of 10 million euros in 18 defined sectors. The two criteria of company size and company sector are decisive in determining whether a company is affected by the directive. There are also some special cases.

Companies can use the TÜVIT impact check to check whether the requirements of the NIS 2 Directive will be mandatory for them in the future. The check contains information on which requirements must be implemented, how and by whom. Users are guided through the branching test, click on their applicable information and then receive a non-binding result. Use of the NIS-2 impact check is at your own risk. No guarantee is given for the accuracy, completeness or up-to-dateness of the information provided. Any actions based on the content and statements of the NIS-2 Betroffenheits-Check are the responsibility of the user. The information provided in this NIS-2 Affected Person Check is for information purposes only and does not constitute legal or other advice. By using the NIS-2 Affected Person Check, users agree to these terms and conditions. The NIS-2 Affectedness Check is available free of charge at NIS-2 Quick-Check - Check affectedness now | TÜVIT (tuvit-consulting.de).

The introduction of NIS2 extends the responsibility for defending against cyber threats to SMEs and makes compliance with cybersecurity requirements a management task. Failure to comply with these requirements can lead to substantial fines and even personal liability for directors. It is estimated that between 25,000 and 40,000 companies in Germany will be affected by the NIS2 directive. These include not only operators of known critical infrastructures (KRITIS), but also companies from various sectors such as food production and trade, online marketplaces, the waste disposal sector, manufacturers of machinery and electronic equipment as well as hydrogen producers and traders. In addition, affected companies will require their suppliers to comply with these cybersecurity requirements in order not to jeopardize their own cybersecurity.

TÜVIT supports companies in implementing suitable risk management measures, also with regard to partners within their supply chain. By implementing an information security management system (ISMS) in accordance with ISO/IEC 27001, §8a or IT-Grundschutz and other organizational and technical measures as well as revising their purchasing guidelines, companies are prepared for the new legal regulations and better protected against cyber attacks.

TÜVIT, together with the company ALTER, forms the Digital and Semiconductor Business Unit of the TÜV NORD GROUP. ALTER and ALTER | HTV offer reliable and agile solutions in the areas of engineering, procurement, logistics, programming, assembly, testing and long-term storage of semiconductor technologies.

Founded over 150 years ago, we stand for security and trust worldwide. As a knowledge company, we have our sights firmly set on the digital future. Whether engineers, IT security experts or specialists for the mobility of the future: in more than 100 countries, we ensure that our customers become even more successful in the networked world.