NIS2 and ISO/IEC 27001 – Towards a cyber resilience of the European Union: Full dossier

The power struggles between China and the United States, the external threats of war and electronic warfare linked to the Russian coup in Ukraine, and the cyberattacks carried out by belligerent states have a significant influence on our collective desire to strengthen our European cyberdefense.

Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 concerning measures for a high common level of cybersecurity across the Union, known as the “Directive NIS2 » (which will complement and improve the NIS directive), is intended to be a real step forward in the way we manage our cybersecurity and cyberdefense. It has therefore been reviewed as a whole in order to harmonize our best security practices, but also, and above all, in order to increase the level of maturity of the cyber resilience of our essential entities (EE) and important entities (EI). This directive considers that EEs are private or public structures with more than 250 employees and a turnover of more than 50 million euros. These structures must be present in sectors categorized as “highly critical”. It considers that EIs are private or public structures with between 50 and 250 employees and a turnover of between 10 and 50 million euros. They must be present in sectors that are not considered “highly critical” for our country, but which can nevertheless have a significant impact on our economy.

To address a range of threats linked to the intensive use of increasingly intrusive digital technologies, it was necessary to better protect our most strategic assets. Increasing our security requirements and the scope of cyber risk assessment is, more than ever, a reality at European level.

In this article, the European directive NIS2 (Network and Information Security) will be the common thread to help readers understand how necessary it is to protect themselves from cyberspace, from the Internet, which is sometimes so hostile.

We will see why NIS2 focuses on the capacity of the Member States of the European Union to ensure their cyberrésilience which is the ability of an individual, organization or system to resist, adapt and recover quickly during a disaster.