NIS2 Is On The Horizon

You may remember the rollout of GDPR in May 2018, which required extra effort to
document data protection and privacy protocols. For many companies, this meant
adapting Data Processing Agreements (DPAs) to match new security requirements.
GDPR compliance has since improved personal data security for EU citizens, and
fines for violations have kept data processors diligent.

But now, the EU has developed additional directives to further strengthen cybersecurity.
The latest, NIS2, stands for the Network and Information Security Directive.
NIS2, originally initiated in 2016 as a response to increasing cyber threats,
will now be enforced by July 2025 in various sectors. This directive will
require stricter cybersecurity standards, particularly for sectors deemed
critical to society, such as energy, transport, healthcare, and finance, where
service disruptions or cyberattacks could have serious consequences.

The Scope and Compliance Process

Several EU countries have already implemented NIS2; the NIS2 compliance deadline is now
set for July 2025 after earlier delays.

For large, high-priority companies, meeting compliance standards will be a lengthy
process. The compliance journey will include substantial documentation,
describing and detailing security processes. Outdated IT systems will face
particular scrutiny, while compliance-oriented industries rush to offer the
best solutions, from high-cost audit and consultancy packages to more
accessible, template-based, self-managed online systems. Searching “NIS2
compliance” online brings up a long list of providers, showcasing the
strong demand for compliance solutions.

Whether or not a company falls under NIS2 may also be dictated by its clients. Some
businesses are required to ensure the full chain of data processing is
compliant. This requirement can lead to challenges in determining the exact
scope and depth of compliance across all service providers—a characteristic EU
regulatory puzzle.

How This Affects Email Service Providers

As providers of digital services, email service providers also fall under NIS2. Since these systems are considered potentially critical to societal functions, mySMTP has begun its initial compliance analysis to ensure readiness for NIS2 by early 2025.