NIS2 Directive

Higher level of cybersecurity

The NIS2 Directive is the European Union's updated Directive on Security of Network and Information Systems, designed to strengthen the overall cybersecurity framework across member states. It replaces the original NIS Directive (adopted in 2016) to address emerging cyber threats and to improve the resilience of essential services and digital infrastructures within the EU.

Main goals

  • Increasing resilience to cyberattacks
  • Reducing disparities in requirements and measures between individual countries in achieving cybersecurity
  • Raising awareness and improving response capabilities to cyberattacks

    At the national level of the Republic of Croatia, a new Law (NN 14/2024) has been published, defining the categorization of business entities according to their exposure to cyberattacks. By the end of 2024, companies will receive a Notice of Categorization, and within one year, they must comply with cybersecurity requirements.

    Companies in sectors covered by the Directive will need to take appropriate security measures and report incidents to national authorities, while digital service providers must meet security requirements.

    Key entities:

    • Energy – oil, natural gas, hydrogen, electricity supply, centralized heating and cooling, etc.
    • Transport – air, rail, road, maritime
    • Banking (excluding central banks)
    • Financial market infrastructure
    • Healthcare – including pharmaceutical product and vaccine production
    • Space
    • Water supply (drinking and waste)
    • Digital infrastructure – domain name service providers (DNS), top-level domain (TLD) registries, internet exchange points (IXP), data center providers, cloud computing, content delivery networks, public electronic communications networks, electronic communications services, etc.
    • ICT service management
    • Central and regional public administration, and if an EU member state opts for it, local authorities.

    Measures apply fully, from the requirement to implement measures, to incident reporting, independent audits, and supervision.

    Important entities:

    • Postal and courier services
    • Waste management
    • Chemicals – production and distribution
    • Food – production, processing, and distribution
    • Medical device production (may become a critical service in the event of a public health emergency)
    • Production of computers, electronic and optical products, electrical equipment, machinery and equipment, motor and other transport vehicles
    • Digital service providers – online marketplaces, internet search engines, and social media platform providers
    • Education – private and public entities
    • Research

    Measures are implemented independently and confirmed through a self-assessment process. They are subject to oversight when information indicating non-compliance is received.

    Companies will be required to maintain more comprehensive documentation related to information and communication technology. We recommend inquiring about the NIS2 Directive by contacting us directly!

    Next steps to take

    1. Analysis of compliance with the NIS2 Directive: records of all equipment and assigned users, a list of services used by employees along with the associated user accounts, prevention and response procedures in the event of a cyberattack, and a maintenance and development plan for the company’s IT infrastructure.
    2. Establishment of processes and consulting
    3. Implementation of necessary solutions
    4. Continuous monitoring and improvements

    To ensure the successful implementation of these steps, at Ofir, we offer a structured and comprehensive approach through a wide range of ICT services tailored to your information system. We believe that our long-standing experience and the trust of our clients will ease your digital security efforts, protect your data, and further improve and stabilize business processes.

    Comprehensive adaptation approach

    • Consultations

      Analyzing the current state of digitalization and business processes
      Developing strategies and policies related to information security and infrastructure
      Preparing procedures for minimizing the risk of cyber vulnerabilities
      Adapting and aligning documentation for existing clients
      Employee training services and raising awareness about the importance of IT security

    • Solutions

      Solutions for tracking IT equipment and resources
      Systems and solutions for data storage and security
      Solutions for high availability of all infrastructure services
      Two-factor authentication
      Implementation of access control and monitoring systems
      Next-generation firewalls and antivirus systems
      Monitoring, control, and protection of web traffic and communications

    Adapt your company to the NIS2 Directive with Ofir!

    For any additional questions, feel free to contact us at the phone numbers: