How NIS2 inspires future regulatory developments around the world - including Brazil

The NIS2 directive is being transposed into national law by European Union countries this month, and if you do business in the EU, it may affect your company even if it is not based there.

By Anthony Cusimano

Understanding NIS2 is essential to assessing whether it impacts your company’s business in Brazil. This cyber security directive aims to strengthen defences in all EU sectors and, as well as impacting European entities, it also has repercussions for foreign companies linked to them. Therefore, for Brazilian companies conducting business with the EU, particularly in sectors involving data exchange or critical services, awareness is essential.

Brazilian leaders who fall into this scenario need to develop a plan to ensure compliance with NIS2 to avoid potential fines, operational disruptions and reputational damage to their business partners in the region.

What is NIS2?

It is the update of the EU’s Network and Information Security Directive to deal with the growing threat of cyber attacks.

As digitalisation expands, so do the risks it brings, making stronger rules for the security of networks and information systems essential. NIS2 strengthens the EU’s cybersecurity framework by imposing stricter compliance requirements on ‘essential’ and ‘important’ entities.

This includes stricter incident reporting, enhanced risk management, greater corporate responsibility and robust business continuity strategies.

Non-compliance with NIS2 can lead to significant fines, which emphasises the importance of this directive.

Who NIS2 applies to

The directive affects organisations across the EU, categorising them into two main groups:

  • Essential entities, in sectors such as transport, financial services and
    health, provide services that are critical to social and economic
    stability. These entities are subject to the strictest supervision and
    the highest fines. Incident reporting under NIS2 is staged: an early
    warning within 24 hours of becoming aware of a significant incident, a
    fuller incident notification within 72 hours and a final report within
    one month.
  • Important entities are a new category under NIS2 and include sectors
    such as postal services, waste management and manufacturing. They must
    adopt the same risk management measures and follow the same reporting
    timeline, but supervision of them is lighter (largely after the fact)
    and the maximum fines are lower than for essential entities.

Supply Chain

It’s no surprise that the EU considers the supply chain a critical weak point that cybercriminals can exploit through business partners. A recent IDC study shows that 83 per cent of supply chains are unable to respond to disruptions within 24 hours. As a result, the legislation introduces extensive requirements to protect ICT supply chains and B2B relationships.

Companies are obliged to assess the cybersecurity maturity of their suppliers and ensure robust protection, while applying protocols for vulnerability management. For Brazilian companies operating in EU supply chains, compliance with NIS2 is crucial to maintaining partnerships, avoiding penalties and ensuring continued access to the European market.

When it comes into force

NIS2 highlights the growing importance of cyber security, requiring EU member states to transpose it into national law by 17 October 2024, with the new rules applying from the following day.

Waiting until the last minute could result in hasty and inadequate preparations, leading to potential non-compliance and the associated risks of heavy fines, reputational damage and increased vulnerability to cyber threats.

Starting now allows organisations to fully understand their obligations, implement the necessary cyber security measures and be fully aligned with the directive’s requirements before the deadline.

How to prepare for NIS2

To meet NIS2 compliance, organisations must gain a thorough understanding of the directive and its specific impact on their operations. Essential and important entities in the EU must implement the ten cybersecurity risk management measures described in Article 21 of the NIS2 Directive, and because supply chain security is one of those ten, they will pass requirements down to the suppliers and partners they depend on. If you do business with such entities, expect to be asked to demonstrate how you meet them.

These measures are designed to mitigate security risks to networks and information systems, taking into account the state of the art and applicable European and international standards, and must be proportionate to the risks the entity faces.

In 2016, Europe set a global benchmark for data privacy with the GDPR, which later influenced the LGPD in Brazil. Similarly, NIS2 is emerging as an essential framework for protecting companies in the region from cyber attacks and digital threats.

Given its comprehensive approach to cybersecurity, NIS2 could inspire future regulatory developments around the world, including in Brazil, especially as companies face increasingly sophisticated digital threats and stricter cybersecurity measures become imperative.
