In the ongoing implementation of the EU’s NIS2 Directive, much attention has been paid to its implications for cybersecurity. Yet, arguably, the impact on organisations’ physical security and access strategy is just as important. In fact, NIS2 ushers in a new degree of focus on cyber–physical resilience – with significant potential penalties for organisations which do not comply with the framework’s demands.
NIS2 replaces 2016’s original NIS Directive on Network and Information Security. It represents a major legislative tightening of the minimum requirements for IT security in critical infrastructure and expands them to include several new sectors. The European Commission estimates that around 160,000 organisations will be impacted by NIS2 right away.
