The implementation of the NIS 2 directive in 2024 marks a pivotal development in strengthening cybersecurity across Europe. This far-reaching regulation imposes new, rigorous obligations on approximately 15,000 companies in France alone, transforming cybersecurity from a specialized IT concern into a strategic priority for the entire economic ecosystem.
According to Cédric Pasquier, Director, “The NIS 2 directive could drastically change the way cybersecurity is perceived and implemented by economic stakeholders.” The scope of the directive has expanded significantly, growing from 500 to nearly 15,000 affected entities. This evolution democratizes cybersecurity, making it a core responsibility for a diverse range of sectors—from public administrations and postal services to the energy and healthcare industries.
A critical focus of the directive lies in the protection of industrial and technical systems, which are often considered the weak points in cybersecurity defense strategies. “Industrial and technical systems are now virtually ubiquitous,” notes Jocelyn Zindy, Director of Digital Offerings, “and they are increasingly the target of sophisticated cyberattacks.”
To address these vulnerabilities, the NIS 2 directive mandates the implementation of concrete cybersecurity measures, including:
- Risk Assessment and Management: A thorough evaluation of cyber threats to design appropriate protective strategies.
- Enhanced Security Controls: Adoption of strong technical and organizational safeguards to secure industrial environments.
- Supply Chain Security: Ensuring that third-party and supplier networks are protected to prevent breaches.
- Incident Reporting Mechanisms: Establishing efficient systems for detecting and reporting cyber incidents.
- Collaboration and Information Sharing: Encouraging cooperation among industry players to anticipate and counteract threats more effectively.
As Jean Schnoebelen, Head of Industrial Systems Cybersecurity, emphasizes, “NIS 2 reinforces and harmonizes cybersecurity protocols across the European Union in response to the escalating cyber threat landscape.” Crucially, corporate leadership is held accountable, with substantial financial penalties for non-compliance.
To rise to these new challenges, organizations are urged to adopt a proactive cybersecurity stance, including:
- Conducting a comprehensive cybersecurity audit to evaluate current maturity
- Defining a customized cybersecurity strategy based on identified risks
- Implementing structured governance and operational frameworks
- Raising awareness and training employees to recognize and mitigate threats
While the NIS 2 directive presents a significant compliance challenge, it also offers a unique opportunity for organizations to bolster their resilience, operational continuity, and competitive edge.
To guide businesses through this transformation, Eiffage Énergie Systèmes has developed an in-depth white paper detailing the implications of the NIS 2 directive and how to protect critical industrial and technical systems effectively.
