
NIS2 also affects timber industry operators


The EU NIS2 directive (Network and Information Security Directive) promotes cybersecurity in the EU, which means that many industries need to step up. The directive aims to create common practices to improve data security in the production of socially critical services. 

Legislative work related to the directive is in preparation, and the related legislation is scheduled to enter into force on October 18, 2024.  

The NIS2 directive – who is affected?

NIS2 strengthens cybersecurity management across the board. The main factors that determine whether the directive's requirements apply are the size of the business and the criticality of the industry. NIS2 defines the energy industry, among others, as a critical industry, so even district heating is subject to the requirements. The directive therefore affects all operators in the timber industry that produce district heating. Indirectly, it also affects operators who supply raw materials to energy plants. Thus, by now at the latest, the majority of wood industry factories need to consider the requirements of the directive in their operations.


The NIS2 directive also takes into account the size of the companies and divides them into the following categories: central or large companies, important or medium-sized companies, and micro-operators that are not in the scope of the directive. For district heating companies, the threshold for being an important company is easily reached. This means that the changes will affect a large number of timber industry operators, as well as their subcontractors and suppliers.

What are the main changes brought about by the requirements of NIS2?

The practices of the directive relate in particular to the management of cyber risks, reporting deviations, ensuring the continuity of operations, and preventive monitoring. An essential part of maintaining the cybersecurity structures is the personal liability of management. Unlike in the past, the management of the organization is personally responsible for compliance, and there are significant financial penalties for non-compliance.

An external partner can provide an impartial audit of the organization’s practices and the current IT partner’s ability to meet the requirements of the directive. Pinja’s data security expertise is backed by extensive ICT experience and ISO 27001 certification. 


Toni Hämeenniemi


I work at Pinja as a product owner of the Timber by Pinja product family and as an application architect in the Wood industry unit. In my daily work, I focus on managing the big picture, both in terms of product features and technical solutions. We have a large team of skilled people in different departments, and together we find sensible solutions to even the biggest challenges. I spend my free time with my family, renovating, and attending my children’s hobbies, and I also enjoy going to the gym and getting out in nature.
