Europe’s NIS2 Cybersecurity Directive and What it Means for Your Firm
We’ve focused a lot in recent posts on the upcoming January 2025 enforcement deadline for the European Union’s new Digital Operational Resilience Act (DORA). But that’s not the only set of cybersecurity rules coming out of Europe – there’s also a new regulatory framework known as the NIS2 Directive. Let’s examine what it means for financial sector firms as NIS2 rules begin to go into effect this fall.
NIS2 Brings Stronger Enforcement, Broader Scope
Known formally as Directive (EU) 2022/2555, NIS2 was finalized in January 2023 as an updated version of a previous directive aimed at improving cybersecurity and readiness to withstand malicious attacks. The updates in NIS2 include a wider scope, more security requirements, tougher reporting obligations and stronger enforcement – all of which start going into effect when EU member states are required to transpose the NIS2 Directive into their national laws by October 17, 2024, just a few weeks away.
With the goal of expanding cyber protections across a larger share of the economy and society, NIS2 directs member states to expand their national cybersecurity strategies to include key areas like supply chain, vulnerability management, core internet and cyber hygiene. To support this, NIS2 also establishes peer review resources for enhancing collaboration and knowledge sharing across government and industry stakeholder groups.
When it comes to enforcement, the European Union Agency for Cybersecurity (ENISA) is the organization tasked by NIS2 to carry out certain measures. These include publishing annual reports; administering a working group known as the European Cyber Crises Liaison Organisation Network (CyCLONe); and creating and maintaining a registry of entities that provide cross-border services – such as domain name system (DNS), data center, cloud computing or other service providers.
Taken together, these measures mean financial organizations will have a higher cybersecurity threshold to meet in order to ensure NIS2 compliance. Fortunately, alternative investment firms can turn to ECI as the trusted partner to make such compliance a reality.
Partnering with ECI for NIS2 Compliance
As with DORA, the NIS2 Directive is a European Union mandate. Also like DORA, however, it impacts firms anywhere in the world that conduct any business within the EU. This covers the majority of alternative investment firms, whose portfolios are often international and even global in nature. As such, NIS2 is an additional mandate, alongside DORA, the SEC’s new cybersecurity rules and other regulations, that global financial firms need to comply with.
Achieving such compliance requires an advanced and comprehensive approach to cybersecurity, and that’s where ECI comes in as the ideal partner. We take a holistic and coordinated approach to enterprise security and operations with our Governance, Risk and Compliance (GRC) Program. This industry-best GRC program delivers enhanced security and cyber protections by proactively mapping out which data is running on which systems; who has access; which data sets are subject to which regulations; and how data is encrypted.
Furthermore, our GRC Program enhances visibility and control with the help of analytical models that pair real-time threats with proactive recommendations to address and mitigate the risks they cause. These protections, together with ECI vulnerability management tools that transform the organization with drastic reductions in critical risks, allow firms to easily meet and exceed NIS2 compliance standards.
ECI’s GRC Program is already helping clients get compliant with DORA and SEC regulations. Now NIS2 arrives as just one more reason why partnering with ECI for GRC support is a great investment. ECI helps ensure operations remain secure and compliant wherever you’re doing business, and whatever regulations your firm is subject to. Learn more about how ECI’s expert guidance can help your organization achieve global compliance.