
In December 2022, the Council of the European Union and the European Parliament adopted Network and Information Systems Directive 2 (NIS2), or Directive 2022/2555, on network and information system security, with the aim of improving security systems to cope with increasingly frequent cyber attacks and providing for new, broader Cybersecurity requirements for all EU Member States.
In Italy, the Directive was implemented through Italian Legislative Decree No. 138/2024 on 1 October 2024, the date on which companies must start the process of adapting to the new requirements; it will be fully operational from 1 January 2026.
Leviahub, always keen to ensure that its solutions are as secure as possible, has already complied with the guidelines as best it can, to offer secure environments to its customers and guide them towards risk-free business.
Hardware does not last forever and data centres have to be upgraded to keep abreast of an ever-changing market. Prevention, Monitoring and Recovery are the three key concepts to comply with regulations and remain competitive, and Leviahub is ready and willing to support you with the best services for your business.

The aim of the new measures is to ensure the business continuity of the entities even in the event of serious damage to the technological infrastructure, so as to prevent any interruptions in the workflow and any loss of essential data.
The Directive aims to create and strengthen a European-wide cooperation network to promote the exchange of information between Member States. This will facilitate the sharing of best practices and enable a coordinated response to cyber incidents across borders.
The Directive applies to more medium-sized and large industries than the previous NIS. The sectors involved have increased from 6 to 18.
The Directive introduces stricter penalties for repeated non-compliance and makes corporate safety managers responsible for breaches.
All entities involved must adopt specific technical and organisational measures for reporting incidents and managing or resolving cybersecurity risks.
More attention is required regarding vulnerabilities related to third-party providers. In this way, the entire supply chain is involved.
The penalties envisaged for breaching NIS2 regulations are severe and proportional to the seriousness of the breach; they vary depending on the type of entity involved (essential or important) and may relate to failure to manage risks, failure to comply with incident reporting requirements or failure to register with the competent authorities.
Penalties must be set by the Member States but must be at least equal to:
- 1.4% of global turnover or €7 million for important entities;
- 2% of global turnover or €10 million for essential entities.
Following the NIS2 Directive, Member States may require certifications and/or the use of certified products by the entities responsible.
Product certification is based on the European programmes for Cybersecurity certifications under EU Cybersecurity Regulation 2019/881. Additionally, according to the Directive, the European Commission may implement delegated acts in order to make specific categories of entities adopt certified technical solutions or obtain a corresponding certificate; these, however, may only be adopted if the Commission has previously discovered insufficient levels of cybersecurity and set a deadline for implementation.
