Securing Critical Infrastructure – Are You Ready for NIS2?

CER and NIS2 – who, what, when

CER complements NIS2 by focusing on operational resilience, while NIS2 targets network and information system security.

 

What is the CER Directive (Critical Entities Resilience)?

Purpose: The CER Directive aims to strengthen the resilience and protection of critical entities that provide essential services across the EU, particularly against cyber, physical, and hybrid threats.

Entry into Force: Critical entities must be identified by 17 July 2026.

Who must comply:

  1. Energy: Electricity, oil, heating, hydrogen, and gas subsectors
  2. Transport: Air, rail, water, road, and public transport subsectors
  3. Banking: Credit institutions
  4. Financial market infrastructure: Trading venues, central counterparties subsectors
  5. Health: Healthcare providers, research labs, pharmaceutical operations and manufacturing, medical device manufacturing, and medicinal product distribution
  6. Drinking water: Drinking water supply and distribution
  7. Waste water: Sewage treatment and disposal, waste water collection
  8. Digital infrastructure: IXP, DNS service providers, TLD name registries, cloud computing services, data center service providers, content delivery networks, trust service providers, electronic communications networks
  9. Public administration: Government services, public administration of central governments
  10. Space: Ground-based infrastructures that support space-based service providers
  11. Food: Production, processing, distribution, supply chain, and wholesale distribution

Key Objectives:

  1. Enhance cyber and physical resilience of critical infrastructure.
  2. Improve risk assessment practices at both national and organizational levels.
  3. Address cross-border impacts and foster cooperation among Member States.

Obligations for Critical Entities:

  • Perform risk assessments
  • Report incidents within 24 hours
  • Undergo inspections and audits, and comply with directives

Enforcement: Managed by national competent authorities. The Critical Entities Resilience Group (CERG) supports EU-wide coordination.

Relation to NIS2: CER complements NIS2 by focusing on operational resilience, while NIS2 targets network and information system security.

 


What is NIS2?
The NIS2 Directive (Directive (EU) 2022/2555) is a European Union law that sets minimum cybersecurity requirements for critical infrastructure companies across the EU. It replaces the original NIS Directive and takes effect on October 18, 2024.

Purpose:
To improve and harmonize cybersecurity standards across EU Member States and reduce the fragmentation left by the original NIS Directive.

Who must comply?
Organizations that meet all three criteria:

  1. Operate in the EU
  2. Have over 50 employees and €10M+ revenue
  3. Belong to critical sectors, such as:
    • Energy, Transport, Banking, Health, Water
    • ICT, Digital infrastructure, Public administration
    • Food, Chemicals, Manufacturing, Space, etc.

Entities are categorized as:

  • Essential: Larger, high-impact organizations
  • Important: Smaller or medium-sized but still critical

Key Requirements:

  • Implement cybersecurity risk-management measures
  • Report significant incidents to national CSIRTs
  • Manage supply chain risks
  • Ensure top-level management accountability
  • Maintain compliance documentation and regular audits

Reporting Duties:
Entities must submit:

  • Early warning
  • Incident notification
  • Intermediate, final, and progress reports

Penalties for Non-Compliance:

  • Essential entities: Up to €10M or 2% of global turnover
  • Important entities: Up to €7M or 1.4% of global turnover

Top Management Liability:
Executives are directly responsible for cybersecurity compliance.

 
