·
14/08/2024
PROMOS News

NIS2 Directive – What does it mean for us?

According to estimates, the European NIS2 Directive will affect almost 30,000[1] German companies and organisations and places new demands on cyber security. As a data centre operator, we, just like all other companies likely to be affected, must familiarise ourselves with the new regulations in good time. What does this mean for us and who is likely to be subject to the upcoming law? PROMOS has been working on this topic for some time and is prepared for the implementation of the new EU directive.

What is the NIS2 Directive?

The NIS2 (Network and Information Security) Directive is an EU-wide regulation that aims to improve the level of cyber security. It replaces the original NIS Directive from 2016 and significantly expands its scope of application. The EU directive came into force in 2023 and must be transposed into national law by October 2024.

Legal situation and uncertainties

PROMOS is in regular dialogue with lawyer Stephan Wiedorfer-Rode in order to be prepared for the upcoming changes in good time and to be able to implement the necessary measures for our customers quickly. In his view, the situation is currently still unclear in many respects: “As is so often the case when transposing EU directives into national law, we are still faced with a lot of question marks at the moment. Although the directive is to be transposed into national law by October 2024, the Federal Ministry of the Interior and Community, which is responsible for this area, only presented a draft bill on 7 May 2024. Therefore, you don’t have to be a clairvoyant to realise that it will certainly not be transposed into national law by October 2024. The NIS2 Directive specifies 18 sectors to which the new law will apply.

As a data centre operator, PROMOS is part of the digital infrastructure sector and will therefore be subject to the necessary measures. Which specific requirements these will be is not yet entirely clear, but will depend, among other things, on whether PROMOS is categorised as a “critical facility operator”, “particularly important facility” or “important facility”. Whether and to what extent PROMOS customers themselves will also be affected by NIS2 is currently difficult to assess and will require legal clarification from the responsible customer lawyers in due course. However, if larger companies operate their own data centres, they will most likely also be subject to NIS2 regulations. It should be emphasised that all companies must independently check whether or not they are affected by the NIS-2 implementation; there is no official notification in this regard.”

The regulation will affect companies above a certain size, measured by the number of employees or turnover, for example. All companies that fall under the new NIS2 law must, among other things, maintain a risk management system, take certain security measures, are subject to reporting requirements and will presumably also be registered as part of this process. Smaller companies, on the other hand, are not covered by the upcoming law. Similar to the GDPR, it is also possible that companies that do not operate their own data centre will still have to have their data centre operators certify that they are NIS2-compliant.

Measures and benefits for customers

As a reliable IT service provider, it is a matter of course for PROMOS to comprehensively consider all security issues and to keep an eye on future changes at an early stage. Volker Schulz, CIO of PROMOS, explains:

He goes on to stress: “We will take all necessary measures properly and carefully.”


For customers, PROMOS’ compliance with the NIS2 directive means even greater security and protection. The measures improve the protection of sensitive data and reduce the risk of cyber attacks, which is particularly relevant in the housing and property industry.


Conclusion


The NIS2 directive will bring with it numerous innovations and challenges. PROMOS is in regular dialogue with experts and follows developments closely in order to be able to respond to future changes quickly and in a targeted manner. We will keep you up to date on this topic and will be happy to help you if you have any questions.

  1. Source: https://www.bechtle.com/ueber-bechtle/newsroom/it-solutions/2024/nis2-mehr-cybersicherheit-fuer-fast-30-000-deutsche-unternehmen-und-organisationen
Please wait