Navigating the NIS2 Directive: Who determines whether your company falls under its purview?
The NIS2 Directive has far-reaching implications for companies within the EU. But who decides whether your company falls under this? This article highlights the process and those responsible for this important decision.
The decision-making process
The determination of whether a company is affected by the NIS2 Directive lies in the hands of the national supervisory authorities of the EU member states. These authorities are responsible for monitoring and enforcing compliance with the NIS2 Directive.
Step 1: Self-assessment
Companies must undertake a self-assessment based on NIS2 criteria, focusing on aspects like company size and the importance of their critical infrastructure.
Step 2: Professional advice
For assistance, companies may seek guidance from consultants and legal experts to gain a comprehensive assessment of their position concerning the NIS” Directive.
Step 3: Exchange with the supervisory authority
To gain additional clarity, companies should directly engage with the relevant nation supervisory authority.
Step 4: Formal decision
The national authority, after evaluating the company’s provided information and other pertinent factors, will issue a formal decision regarding the NIS2 Directive’s applicability.
Step 5: Registration and Compliance
Companies falling under the NIS2 Directive are registered accordingly and undergo regular audits to verify compliance.
It is essential that companies act proactively and, if in doubt, contact the relevant authorities or qualified advisors. By seeking early clarification and ensuring compliance, companies can meet all legal requirements and safeguard themselves against potential risks.