Synology Blog NIS2 compliance explained: How to meet key requirements

With the rise of sophisticated cyber threats, the Network and Information Systems 2 Directive (NIS2) is intended to protect critical services and infrastructure and to hold EU corporations to higher standards, as cyber attacks in EU countries have risen to 46.5%.

NIS2 aims to strengthen cybersecurity for network and information systems across the European Union and builds on the NIS1 Directive.

NIS2 expands the scope of the original directive, covering a wider range of industries and sectors and applying to more than 100,000 entities across the EU. It classifies businesses into Essential and Important entities and imposes stronger security requirements and enforcement penalties. Once NIS2 is implemented, the NIS1 Directive will no longer be in force.

In order to streamline NIS2 compliance, organizations need to implement data protection strategies capable of safeguarding corporate data, meeting regulatory requirements, and supporting business continuity.

The importance of NIS2 compliance

With NIS2 becoming the standard across the EU, if a company is found to be non-compliant, a lot is at risk. Companies could face massive fines while management could personally be held responsible. Under NIS2, authorities have the power to require organizations to implement specific security measures, fix system vulnerabilities, and conduct audits and inspections to ensure compliance.

Failing to implement the measures NIS2 requires leaves companies exposed to ransomware, data loss, and system downtime. NIS2 aims to strengthen cybersecurity across businesses in order to secure critical systems, protect data, and meet compliance obligations.

Supply chains and third-party services working with companies are also required to meet NIS2 standards. As a result, organizations must conduct a vendor cybersecurity assessment. If a vendor is non-compliant, it may need to be dropped; otherwise the company itself risks being non-compliant with NIS2.

Under NIS2, Essential entities, such as those in the energy, transportation, financial, or healthcare industries, may incur fines of up to €10 million or 2 percent of total worldwide annual turnover. Important entities, such as those in manufacturing, digital services, or postal industries, may face fines of up to €7 million or 1.4 percent of their annual turnover.

Companies are required to report any cybersecurity incidents under NIS2, or risk substantial penalties. Affected individuals must receive an early warning within 24 hours, followed by a formal incident notification within 72 hours. A final report must be submitted within one month, with any subsequent updates added to the original incident report.

Implement NIS2 cybersecurity requirements with a purpose-built backup appliance

NIS2 provides a framework for data protection but it is up to organizations to determine how to implement measures to meet regulatory requirements. With ActiveProtect, companies can meet cybersecurity requirements with powerful backup and recovery features, unified management, and advanced security safeguards.

NIS2 requirements and how to meet them

Article 21(1): “…essential and important entities take appropriate and proportionate technical, operational and organisational measures to manage the risks posed to the security of network and information systems…”
How to meet this requirement:
  • Backup verification
  • Data integrity checks
  • Immutability
  • Air-gapping

Article 21(2)(b): “incident handling;”
Article 21(2)(c): “…business continuity, such as backup management and disaster recovery, and crisis management;”
How to meet these requirements:
  • Centralized management
  • Sandboxed environment for disaster recovery testing
  • Instant data restoration

Article 21(2)(h): “policies and procedures regarding the use of cryptography and, where appropriate, encryption…”
How to meet this requirement:
  • End-to-end data transmission security

Article 21(2)(i): “…human resources security, access control policies and asset management”
Article 21(2)(j): “the use of multi-factor authentication or continuous authentication solutions,…”
How to meet these requirements:
  • Role-based access controls
  • Authentication methods

Data resiliency: Under NIS2, businesses must implement technical measures to ensure data is stored securely. To ensure that accurate backups are stored, ActiveProtect comes with automatic backup verification. In addition, self-healing is used to detect and repair any corrupt data.

Lock down your backups and store isolated, clean copies in a secure location via ActiveProtect’s air-gapping capabilities. Synology’s purpose-built backup appliance also comes with built-in immutability to prevent data tampering and deletion.

Business continuity: To align with NIS2 requirements and ensure business continuity, ActiveProtect includes a dashboard that lets users view protected workloads, backup status, deduplication ratio, and more, for data visibility.

ActiveProtect also comes with a built-in hypervisor so that companies can test their disaster recovery strategy in a sandbox environment to ensure successful data recovery when needed. Instantly restore your data in order to resume business operations as soon as possible when faced with threats of malware.

Data security: As NIS2 recommends encryption where appropriate, ActiveProtect uses end-to-end secure data transmission to store data. When data is transferred to a remote storage site, AES-256 encryption is used.

Data access safeguards: As NIS2 recommends using MFA or other authentication solutions to verify user identity, ActiveProtect comes with multiple user authentication methods and access controls. Set up user authentication via Windows AD and LDAP integration to centralize user management. Companies can also use SSO with the MFA methods already configured on their SSO/MFA server.

Assign user privileges and permissions via ActiveProtect for server access, backup and restore, or view-only access to limit employee access to data.

The post NIS2 compliance explained: How to meet key requirements appeared first on Synology Blog.
Source: blog.synology.com