The NIS2 directive, which came into force on January 16, 2023, formulates new, binding regulations on cyber security and affects over 3,000 mechanical engineering companies in Germany and more than 9,000 in the EU. But what does this mean for manufacturers of mobile machinery such as excavators, loaders and trucks?
What is the NIS2 directive?
NIS2, the new version of the EU Network and Information Security Directive, replaces the previous NIS1 Directive and will in future oblige manufacturers of "critical products" such as machines to improve IT and OT security. The directive must be transposed into German law by October 17, 2024, and is therefore critically important for mobile machine manufacturers, especially those with at least 50 employees or annual sales of 10 million euros.
What does NIS2 mean for mobile machine manufacturers?
For the companies concerned, this brings an expanded catalog of cybersecurity obligations, ranging from risk management and incident management to supply chain and personnel management. Significant security incidents must also be reported within strict deadlines: an early warning within 24 hours, a detailed report within three days and a progress/final report after one month. In addition, there are severe sanctions and fines, which can be up to 10 million euros or up to 2 percent of the previous year's global sales, depending on the category of company.
Strategies for coping with NIS2 requirements
To avoid such penalties, we would like to provide you with concrete, practical recommendations on how to implement the NIS2 guidelines effectively in your company.
Assessment and planning: Identify which areas of your organization are most impacted by NIS2 requirements and create a structured policy implementation roadmap that engages all relevant departments.
Adapt security strategies: Optimize your current security and risk management strategies to meet new requirements. To do this, revise your existing security protocols and invest in improved firewall and antivirus software to better protect your networks.
Establish an incident management plan: Develop clear processes to quickly identify, report and resolve security incidents. Establish a 24/7 emergency response team that can respond immediately to cyber incidents.
Staff capacity building: Strengthen your workforce's cybersecurity awareness and skills. Offer regular training and workshops to raise awareness of phishing and other cyber threats.
NIS2 as an opportunity
Consistent implementation of NIS2 policies provides not only compliance assurance, but also the opportunity to optimize your internal processes and strengthen your business against future cyber risks. By implementing sound cybersecurity practices, you can strengthen the trust of your customers and partners while arming yourself against cyber threats. Focusing on proactive action and structured implementation thus not only protects you against potential sanctions, but also promotes a more resilient and future-proof business structure.