{"id":6837,"date":"2025-05-28T15:41:20","date_gmt":"2025-05-28T13:41:20","guid":{"rendered":"https:\/\/prosteit.pl\/?p=6837"},"modified":"2025-10-03T10:44:46","modified_gmt":"2025-10-03T08:44:46","slug":"nis-directive-2-everything-you-need-to-know","status":"publish","type":"post","link":"https:\/\/prosteit.pl\/en\/nis-directive-2-everything-you-need-to-know\/","title":{"rendered":"NIS Directive 2 \u2013 Everything You Need to Know in 2025"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"6837\" class=\"elementor elementor-6837\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-754a204 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"754a204\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;ekit_has_onepagescroll_dot&quot;:&quot;yes&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-181fa4f\" data-id=\"181fa4f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2fb5057d elementor-widget__width-initial elementor-widget elementor-widget-text-editor\" data-id=\"2fb5057d\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p data-start=\"270\" data-end=\"641\">Over the past few years, cybersecurity has become a key topic for companies operating in the European Union. 
The number of cyberattacks is constantly growing, and their consequences can be catastrophic - both financially and in terms of reputation. It is no wonder that the EU has decided to tighten regulations on the security of networks and information systems.<\/p><p data-start=\"643\" data-end=\"1127\">One of the most important legal acts in this area is <strong data-start=\"703\" data-end=\"722\">NIS Directive 2<\/strong> <a href=\"https:\/\/digital-strategy.ec.europa.eu\/pl\/policies\/nis2-directive\" target=\"_blank\" rel=\"noopener\">(Network and Information Systems Directive 2)<\/a>, which is to replace the previous NIS Directive from 2016. The new regulations introduce a number of obligations for companies from various sectors - not only the largest ones, but also medium-sized and in some cases even small enterprises. What&#039;s more, failure to implement the NIS 2 requirements is subject to severe financial penalties that can seriously threaten the stability of the company.<\/p><p data-start=\"1129\" data-end=\"1366\">For many entrepreneurs, the topic of <strong data-start=\"1161\" data-end=\"1180\">NIS 2 implementation<\/strong> sounds complicated. What exactly is this directive? Who does it cover? What obligations does it impose? And most importantly: how do you ensure compliance with the regulations so as not to expose yourself to sanctions?<\/p><p data-start=\"1368\" data-end=\"1699\">In this article you will find an <strong data-start=\"1394\" data-end=\"1437\">accessible but detailed explanation<\/strong> of all key issues related to NIS 2. 
We will also show you how <strong data-start=\"1525\" data-end=\"1537\">SimpleIT<\/strong> can help your company conduct an <a href=\"https:\/\/prosteit.pl\/en\/what-is-a-security-operations-center\/\">IT security<\/a> audit, develop appropriate policies and procedures, and fully implement the requirements of the Directive.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3c96570 elementor-widget elementor-widget-image\" data-id=\"3c96570\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"507\" src=\"https:\/\/prosteit.pl\/wp-content\/uploads\/2025\/05\/dyrektywa-nis-2-audyt-bezpieczenstwa-w-firmie-ozarow-mazowiecki.jpg\" class=\"attachment-full size-full wp-image-6838\" alt=\"nis directive 2 logo, sample graphic, simple it\" srcset=\"https:\/\/prosteit.pl\/wp-content\/uploads\/2025\/05\/dyrektywa-nis-2-audyt-bezpieczenstwa-w-firmie-ozarow-mazowiecki.jpg 1024w, https:\/\/prosteit.pl\/wp-content\/uploads\/2025\/05\/dyrektywa-nis-2-audyt-bezpieczenstwa-w-firmie-ozarow-mazowiecki-300x149.jpg 300w, https:\/\/prosteit.pl\/wp-content\/uploads\/2025\/05\/dyrektywa-nis-2-audyt-bezpieczenstwa-w-firmie-ozarow-mazowiecki-768x380.jpg 768w, https:\/\/prosteit.pl\/wp-content\/uploads\/2025\/05\/dyrektywa-nis-2-audyt-bezpieczenstwa-w-firmie-ozarow-mazowiecki-18x9.jpg 18w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-398e064 elementor-section-boxed 
elementor-section-height-default elementor-section-height-default\" data-id=\"398e064\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;ekit_has_onepagescroll_dot&quot;:&quot;yes&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-c1a1168\" data-id=\"c1a1168\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-5bd04e7 elementor-align-center elementor-widget elementor-widget-button\" data-id=\"5bd04e7\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-sm\" href=\"https:\/\/eur-lex.europa.eu\/legal-content\/PL\/TXT\/?uri=CELEX%3A32022L2555&#038;qid=1672304676247\" target=\"_blank\" rel=\"noopener\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Full text version of the directive<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-020273b elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"020273b\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span 
class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-f285af3 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"f285af3\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;ekit_has_onepagescroll_dot&quot;:&quot;yes&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-6899064\" data-id=\"6899064\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-f637e9d elementor-widget__width-initial elementor-widget elementor-widget-text-editor\" data-id=\"f637e9d\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"dlaczegoexcel\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 data-start=\"236\" data-end=\"635\"><span style=\"color: #ff6500; font-size: 24px; text-align: start;\">What is NIS Directive 2?<\/span><\/h2><p data-start=\"236\" data-end=\"635\">The NIS 2 Directive, or Network and Information Systems Directive 2, is a new European Union regulation that aims to significantly strengthen the <strong data-start=\"380\" data-end=\"419\">cybersecurity of enterprises<\/strong> operating in the Member States. 
This is an update of the earlier NIS Directive from 2016, which was the first ever EU legislation on the security of network and information systems.<\/p><p data-start=\"637\" data-end=\"1032\">Why were the new regulations introduced? The digital world is changing at a rapid pace. The development of technology, the growing number of internet connections, remote work, cloud computing - all this creates not only huge opportunities, but also <strong data-start=\"877\" data-end=\"896\">new threats<\/strong>. Cybercrime is becoming increasingly complex and costly, and existing regulations are no longer adequate to address current challenges.<\/p><h3 data-start=\"1034\" data-end=\"1061\"><span style=\"color: #ff6500; font-size: 20px; text-align: start;\">The purpose of the NIS 2 directive<\/span><\/h3><p data-start=\"1063\" data-end=\"1174\">The main objective of NIS 2 is to raise the overall level of cyber resilience across the European Union. This means:<\/p><p data-start=\"1176\" data-end=\"1488\">\u2705 increasing the level of protection of networks and IT systems,<br data-start=\"1239\" data-end=\"1242\" \/>\u2705 improving the exchange of information between Member States,<br data-start=\"1307\" data-end=\"1310\" \/>\u2705 strengthening the resilience of critical services (e.g. in the energy, health, transport sectors),<br data-start=\"1411\" data-end=\"1414\" \/>\u2705 ensuring effective response to serious cyber incidents.<\/p><h3 data-start=\"1490\" data-end=\"1553\"><span style=\"color: #ff6500; font-size: 20px; text-align: start;\">What does NIS 2 change compared to the previous directive?<\/span><\/h3><p data-start=\"1555\" data-end=\"1673\"><a href=\"https:\/\/www.gov.pl\/web\/infrastruktura\/informacje-biezace\" target=\"_blank\" rel=\"noopener\">NIS Directive 2<\/a> is much more ambitious than its predecessor. 
It introduces a number of key changes, such as:<\/p><ul data-start=\"1675\" data-end=\"2378\"><li data-start=\"1675\" data-end=\"1876\"><p data-start=\"1677\" data-end=\"1876\"><strong data-start=\"1677\" data-end=\"1731\">\u2022 Expanding the scope of entities covered by the regulations<\/strong> \u2014 not only the largest companies, but also medium-sized and even some small businesses if their activities are important to society.<\/p><\/li><li data-start=\"1877\" data-end=\"2054\"><p data-start=\"1879\" data-end=\"2054\"><strong data-start=\"1879\" data-end=\"1910\">\u2022 Uniform rules throughout the EU<\/strong> \u2014 previous regulations were implemented by member states in different ways, which caused chaos. NIS 2 focuses on harmonization of regulations.<\/p><\/li><li data-start=\"2055\" data-end=\"2202\"><p data-start=\"2057\" data-end=\"2202\"><strong data-start=\"2057\" data-end=\"2110\">\u2022 Increased requirements for risk management<\/strong> \u2014 companies must demonstrate much more advanced security procedures.<\/p><\/li><li data-start=\"2203\" data-end=\"2267\"><p data-start=\"2205\" data-end=\"2267\"><strong data-start=\"2205\" data-end=\"2235\">\u2022 Tougher financial sanctions<\/strong> for failure to fulfill obligations.<\/p><\/li><li data-start=\"2268\" data-end=\"2378\"><p data-start=\"2270\" data-end=\"2378\"><strong data-start=\"2270\" data-end=\"2315\">\u2022 Obligation to report serious incidents<\/strong> within a very short time (e.g. within 24 hours of detection).<\/p><\/li><\/ul><h3 data-start=\"2380\" data-end=\"2427\"><span style=\"color: #ff6500; font-size: 20px; text-align: start;\">Why is NIS 2 so important for businesses?<\/span><\/h3><p data-start=\"2429\" data-end=\"2736\">Although the NIS 2 Directive is EU law, in practice it means specific changes that <strong data-start=\"2531\" data-end=\"2549\">entrepreneurs<\/strong> must introduce in their organizations. 
This is not just \u201canother paper obligation\u201d, but real actions to protect the company from increasingly advanced digital threats.<\/p><p data-start=\"2738\" data-end=\"3033\">Importantly, the NIS 2 Directive is not limited to the technological sphere - it also covers <strong data-start=\"2828\" data-end=\"2845\">organizational<\/strong> issues (e.g. security policies, incident response procedures, employee training), which means that its implementation requires the involvement of not only IT departments, but also company management boards.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section data-particle_enable=\"true\" class=\"eael-section-particles-5aa32c4 elementor-section elementor-top-section elementor-element elementor-element-5aa32c4 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-eael_ptheme_source=\"presets\" data-preset_theme=\"default\" data-custom_style=\"\" data-particle_opacity=\"0.5\" data-particle_speed=\"6\" data-particle-mobile-disabled=\"false\" data-id=\"5aa32c4\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;ekit_has_onepagescroll_dot&quot;:&quot;yes&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b2a7c81\" data-id=\"b2a7c81\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap\">\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t            <style>\n                .elementor-element-5aa32c4.eael-particles-section > canvas {\n                    z-index: -1;\n                    position: absolute;\n                    top:0;\n                }\n            <\/style>\n        \t\t<section data-particle_enable=\"false\" 
data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-993d926 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"993d926\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;ekit_has_onepagescroll_dot&quot;:&quot;yes&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-324a789\" data-id=\"324a789\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-aa1ee36 elementor-widget__width-initial elementor-widget elementor-widget-text-editor\" data-id=\"aa1ee36\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 data-start=\"230\" data-end=\"266\"><span style=\"color: #ff6500; font-size: 24px; text-align: start;\">Who does the NIS 2 Directive apply to?<\/span><\/h2><p data-start=\"268\" data-end=\"535\">One of the biggest problems we see among business owners is uncertainty: <strong data-start=\"356\" data-end=\"393\">Is my company subject to NIS 2?<\/strong> In this chapter we answer this question in detail, because knowing the scope of the directive is a key step before we start thinking about implementation.<\/p><h3 data-start=\"537\" data-end=\"581\"><span style=\"color: #ff6500; font-size: 20px; text-align: start;\">Division into key and important entities<\/span><\/h3><p data-start=\"583\" data-end=\"639\">The NIS 2 Directive divides companies into two main categories:<\/p><p data-start=\"641\" data-end=\"957\">\u2022 <strong data-start=\"643\" 
data-end=\"685\">Essential entities<\/strong> \u2014 organizations that provide services of strategic importance for the functioning of society and the economy.<br data-start=\"799\" data-end=\"802\" \/>\u2022 <strong data-start=\"804\" data-end=\"843\">Important entities<\/strong> \u2014 companies that, although not considered essential, still have a significant impact on digital security in Europe.<\/p><p data-start=\"959\" data-end=\"1059\">Each of these groups has its own set of responsibilities and is subject to supervision by state supervisory authorities.<\/p><h3 data-start=\"1066\" data-end=\"1104\"><span style=\"color: #ff6500; font-size: 20px; text-align: start;\">Sectors covered by NIS Directive 2<\/span><\/h3><p data-start=\"1106\" data-end=\"1157\"><strong data-start=\"1106\" data-end=\"1127\">Key entities<\/strong> operate, among others, in the following sectors:<\/p><ul data-start=\"1158\" data-end=\"1502\"><li data-start=\"1158\" data-end=\"1201\"><p data-start=\"1160\" data-end=\"1201\">\u2022 energy (electricity, gas, heat suppliers),<\/p><\/li><li data-start=\"1202\" data-end=\"1263\"><p data-start=\"1204\" data-end=\"1263\">\u2022 transport (railways, airports, ports, public transport),<\/p><\/li><li data-start=\"1264\" data-end=\"1355\"><p data-start=\"1266\" data-end=\"1355\">\u2022 health (hospitals, clinics, laboratories, suppliers of IT systems for healthcare),<\/p><\/li><li data-start=\"1356\" data-end=\"1405\"><p data-start=\"1358\" data-end=\"1405\">\u2022 banking, financial market infrastructure,<\/p><\/li><li data-start=\"1406\" data-end=\"1467\"><p data-start=\"1408\" data-end=\"1467\">\u2022 digital infrastructure (e.g. 
data centers, DNS providers),<\/p><\/li><li data-start=\"1468\" data-end=\"1502\"><p data-start=\"1470\" data-end=\"1502\">\u2022 suppliers of drinking water and sewage.<\/p><\/li><\/ul><p data-start=\"1504\" data-end=\"1532\"><strong data-start=\"1504\" data-end=\"1522\">Important entities<\/strong> include, for example:<\/p><ul data-start=\"1533\" data-end=\"1772\"><li data-start=\"1533\" data-end=\"1609\"><p data-start=\"1535\" data-end=\"1609\">\u2022 digital service providers (e-commerce, search engines, cloud platforms),<\/p><\/li><li data-start=\"1610\" data-end=\"1674\"><p data-start=\"1612\" data-end=\"1674\">\u2022 manufacturers of key technologies (e.g. network devices),<\/p><\/li><li data-start=\"1675\" data-end=\"1721\"><p data-start=\"1677\" data-end=\"1721\">\u2022 postal and courier service operators,<\/p><\/li><li data-start=\"1722\" data-end=\"1772\"><p data-start=\"1724\" data-end=\"1772\">\u2022 waste managers, producers of certain goods.<\/p><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fda4a8e elementor-widget elementor-widget-image\" data-id=\"fda4a8e\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"708\" height=\"390\" src=\"https:\/\/prosteit.pl\/wp-content\/uploads\/2025\/05\/nis-2-dyrektywa-co-to.webp\" class=\"attachment-full size-full wp-image-6839\" alt=\"nis directive 2\" srcset=\"https:\/\/prosteit.pl\/wp-content\/uploads\/2025\/05\/nis-2-dyrektywa-co-to.webp 708w, https:\/\/prosteit.pl\/wp-content\/uploads\/2025\/05\/nis-2-dyrektywa-co-to-300x165.webp 300w, https:\/\/prosteit.pl\/wp-content\/uploads\/2025\/05\/nis-2-dyrektywa-co-to-18x10.webp 18w\" sizes=\"(max-width: 708px) 100vw, 708px\" 
\/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8a616f3 elementor-widget__width-initial elementor-widget elementor-widget-text-editor\" data-id=\"8a616f3\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3 data-start=\"230\" data-end=\"266\">\u00a0<span style=\"color: #ff6500; font-size: 20px; text-align: start;\">Who exactly qualifies? Checklist for entrepreneurs<\/span><\/h3><p data-start=\"1849\" data-end=\"1938\">Here is a <strong data-start=\"1853\" data-end=\"1876\">simple set of questions<\/strong> that will help you assess whether your company is subject to <a href=\"https:\/\/www.gov.pl\/web\/infrastruktura\/informacje-biezace\" target=\"_blank\" rel=\"noopener\">NIS2<\/a>:<\/p><p data-start=\"1940\" data-end=\"2356\">\ud83d\udd39 Do you operate in one of the sectors mentioned?<br data-start=\"1989\" data-end=\"1992\" \/>\ud83d\udd39 Does your company employ at least 50 people <strong data-start=\"2037\" data-end=\"2044\">or<\/strong> achieve an annual turnover of over 10 million euros?<br data-start=\"2090\" data-end=\"2093\" \/>\ud83d\udd39 Does your company provide services that are important to public safety, the economy, or critical infrastructure?<br data-start=\"2222\" data-end=\"2225\" \/>\ud83d\udd39 Do your IT systems handle sensitive data or enable critical systems (e.g. 
in the health, energy sectors)?<\/p><p data-start=\"2358\" data-end=\"2489\">If you answer &quot;yes&quot; to any of these questions, there is a very high probability that you are subject to <a href=\"https:\/\/eur-lex.europa.eu\/legal-content\/PL\/TXT\/?uri=CELEX%3A32022L2555&amp;qid=1672304676247\" target=\"_blank\" rel=\"noopener\">NIS Directive 2<\/a>.<\/p><h3 data-start=\"2496\" data-end=\"2541\"><span style=\"color: #ff6500; font-size: 20px; text-align: start;\">How many companies in Poland will be affected by these regulations?<\/span><\/h3><p data-start=\"2543\" data-end=\"2872\">It is estimated that the NIS 2 directive will cover as many as <strong data-start=\"2598\" data-end=\"2618\">10,000 entities<\/strong>, which is a significant expansion compared to the previous NIS Directive. It is not just large corporations - a large part are medium and smaller enterprises that were not aware of the requirements related to <strong data-start=\"2829\" data-end=\"2869\">Enterprise Cybersecurity<\/strong>.<\/p><h3 data-start=\"2879\" data-end=\"2918\"><span style=\"color: #ff6500; font-size: 20px; text-align: start;\">By when do you have to adapt?<\/span><\/h3><p data-start=\"251\" data-end=\"548\">Every country had <strong data-start=\"375\" data-end=\"407\">until October 17, 2024<\/strong> to introduce it into its national law \u2013 i.e. to prepare a law and regulations that will tell companies exactly what to do. Poland did not do this in time. As a result, the European Commission filed <strong style=\"color: #151718;\" data-start=\"676\" data-end=\"717\">a lawsuit with the Court of Justice of the EU<\/strong> against Poland (and several other countries) for the delay. This is a form of pressure - the EU requires Poland to adopt the appropriate regulations as soon as possible. Currently, the draft act is at the stage of review and public consultation. 
Considering the standard pace of legislative work, it can be assumed that:<\/p><p>\u27a1\ufe0f the regulations will come into force <strong data-start=\"1625\" data-end=\"1667\">no later than the second half of 2025<\/strong>, and perhaps even faster if the pressure from the EU is strong enough,<br data-start=\"1749\" data-end=\"1752\" \/>\u27a1\ufe0f once the law is passed, there probably won&#039;t be much time left to adapt - because companies should be ready <strong data-start=\"1867\" data-end=\"1890\">almost immediately<\/strong>.<\/p><h6 data-start=\"1900\" data-end=\"1930\"><strong data-start=\"1907\" data-end=\"1930\">What to do now?<\/strong><\/h6><p data-start=\"1932\" data-end=\"2297\">Although we do not yet have a Polish regulation, companies should not wait idly. Why? Because implementing NIS 2 is not something that can be done &quot;overnight&quot;. It is a process that requires:<br data-start=\"2116\" data-end=\"2119\" \/>\u2705 IT systems audit<br data-start=\"2140\" data-end=\"2143\" \/>\u2705 review of procedures<br data-start=\"2164\" data-end=\"2167\" \/>\u2705 creating emergency plans<br data-start=\"2198\" data-end=\"2201\" \/>\u2705 team training<br data-start=\"2225\" data-end=\"2228\" \/>\u2705 and sometimes even replacing technologies or changing IT service providers.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-40711bb elementor-widget elementor-widget-image\" data-id=\"40711bb\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"1680\" height=\"1260\" src=\"https:\/\/prosteit.pl\/wp-content\/uploads\/2025\/05\/bezpieczenstwo-it-w-firmie-ozarow-mazowiecki.jpg\" class=\"attachment-full size-full wp-image-6841\" alt=\"it for the company Pruszk\u00f3w, Piast\u00f3w, 
B\u0142onie, Stare Babice, Brzyn\u00f3w, ProsteIT\" srcset=\"https:\/\/prosteit.pl\/wp-content\/uploads\/2025\/05\/bezpieczenstwo-it-w-firmie-ozarow-mazowiecki.jpg 1680w, https:\/\/prosteit.pl\/wp-content\/uploads\/2025\/05\/bezpieczenstwo-it-w-firmie-ozarow-mazowiecki-300x225.jpg 300w, https:\/\/prosteit.pl\/wp-content\/uploads\/2025\/05\/bezpieczenstwo-it-w-firmie-ozarow-mazowiecki-1024x768.jpg 1024w, https:\/\/prosteit.pl\/wp-content\/uploads\/2025\/05\/bezpieczenstwo-it-w-firmie-ozarow-mazowiecki-768x576.jpg 768w, https:\/\/prosteit.pl\/wp-content\/uploads\/2025\/05\/bezpieczenstwo-it-w-firmie-ozarow-mazowiecki-1536x1152.jpg 1536w, https:\/\/prosteit.pl\/wp-content\/uploads\/2025\/05\/bezpieczenstwo-it-w-firmie-ozarow-mazowiecki-16x12.jpg 16w, https:\/\/prosteit.pl\/wp-content\/uploads\/2025\/05\/bezpieczenstwo-it-w-firmie-ozarow-mazowiecki-400x300.jpg 400w\" sizes=\"(max-width: 1680px) 100vw, 1680px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2a8574e elementor-widget__width-initial elementor-widget elementor-widget-text-editor\" data-id=\"2a8574e\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 data-start=\"256\" data-end=\"300\"><span style=\"color: #ff6500; font-size: 24px; text-align: start;\">Key obligations arising from NIS 2<\/span><\/h2>\n<p data-start=\"302\" data-end=\"551\">For many entrepreneurs, the mere awareness that they are subject to the NIS 2 directive is just the beginning. 
The most important question is: <strong data-start=\"435\" data-end=\"504\">What exactly needs to be done to comply with the new regulations?<\/strong> In this chapter we explain it step by step.<\/p>\n<h3 data-start=\"302\" data-end=\"551\"><span style=\"color: #ff6500; font-size: 20px; text-align: start;\">Risk assessment and risk management<\/span><\/h3>\n<p data-start=\"607\" data-end=\"921\">Every company covered by NIS 2 is obliged to regularly analyze <strong data-start=\"667\" data-end=\"713\">cybersecurity threats<\/strong>. It&#039;s not just about standard security measures like antivirus or firewalls - you need to carefully assess where the gaps may appear, what the potential attack scenarios are, and what their effects may be.<\/p>\n<p data-start=\"923\" data-end=\"1134\">Examples of activities:<br data-start=\"945\" data-end=\"948\">\u2022 Identification of key systems and data,<br data-start=\"993\" data-end=\"996\">\u2022 Conducting risk analysis (e.g. IT security audit),<br data-start=\"1059\" data-end=\"1062\">\u2022 Preparation of an action plan to minimize identified risks.<\/p>\n<h3 data-start=\"1141\" data-end=\"1186\"><span style=\"color: #ff6500; font-size: 20px; text-align: start;\">Technical and organizational measures<\/span><\/h3>\n<p data-start=\"1188\" data-end=\"1321\">The company must implement both <strong data-start=\"1215\" data-end=\"1229\">technical<\/strong> and <strong data-start=\"1237\" data-end=\"1254\">organizational<\/strong> safeguards to help protect its systems. 
What does that mean?<\/p>\n<p data-start=\"1323\" data-end=\"1603\">\ud83d\udd39 Technical measures: data encryption, incident monitoring and detection systems, access control, <a href=\"https:\/\/prosteit.pl\/en\/backup-and-recovery-solutions\/\">backups<\/a>, network security.<br data-start=\"1470\" data-end=\"1473\">\ud83d\udd39 Organizational measures: security policies, incident response procedures, test schedules, team training.<\/p>\n<p data-start=\"1605\" data-end=\"1747\">It is important to remember that <strong data-start=\"1632\" data-end=\"1671\">enterprise cybersecurity<\/strong> doesn\u2019t end with technology \u2013 the preparation of people plays a huge role.<\/p>\n<h3 data-start=\"1754\" data-end=\"1787\"><span style=\"color: #ff6500; font-size: 20px; text-align: start;\">Incident reporting<\/span><\/h3>\n<p data-start=\"1789\" data-end=\"2007\">If a serious incident occurs in a company (e.g. ransomware attack, data leak, critical system failure), the NIS 2 Directive imposes an obligation to promptly report this fact to the relevant supervisory authorities.<\/p>\n<p data-start=\"2009\" data-end=\"2204\">What does the process look like?<br data-start=\"2028\" data-end=\"2031\">\u2022 Initial notification <strong data-start=\"2052\" data-end=\"2073\">within 24 hours<\/strong> of the detection of an incident,<br data-start=\"2096\" data-end=\"2099\">\u2022 Detailed report <strong data-start=\"2120\" data-end=\"2141\">within 72 hours<\/strong>,<br data-start=\"2142\" data-end=\"2145\">\u2022 Final report upon completion of internal investigation.<\/p>\n<p data-start=\"2206\" data-end=\"2383\">Importantly, companies must have <strong data-start=\"2246\" data-end=\"2265\">clear procedures<\/strong> prepared: who is responsible for reporting incidents, how to collect data and what information should be provided to state authorities.<\/p>\n<h3 data-start=\"2390\" data-end=\"2434\"><span style=\"color: #ff6500; font-size: 20px; text-align: 
start;\">Maintaining business continuity<\/span><\/h3>\n<p data-start=\"2436\" data-end=\"2744\">The directive requires organizations to have a contingency plan in place so that in the event of an incident, they can quickly restore key services. This means creating procedures such as:<br data-start=\"2615\" data-end=\"2618\">\u2022 Disaster Recovery Plan,<br data-start=\"2673\" data-end=\"2676\">\u2022 Business Continuity Plan.<\/p>\n<h3 data-start=\"2751\" data-end=\"2794\"><span style=\"color: #ff6500; font-size: 20px; text-align: start;\">Regular audits and updates<\/span><\/h3>\n<p data-start=\"2796\" data-end=\"3062\">NIS 2 compliance is not a one-time implementation of procedures. Companies must regularly:<br data-start=\"2883\" data-end=\"2886\">\u2022 conduct IT security audits,<br data-start=\"2927\" data-end=\"2930\">\u2022 update its policies, procedures and systems,<br data-start=\"2981\" data-end=\"2984\">\u2022 respond to changing threats (e.g. new types of attacks, vulnerabilities).<\/p>\n<h3 data-start=\"3069\" data-end=\"3106\"><span style=\"color: #ff6500; font-size: 20px; text-align: start;\">Training for employees<\/span><\/h3>\n<p data-start=\"3108\" data-end=\"3419\">Let&#039;s not forget about the human factor! Employees are often the weakest link in a cybersecurity system. That&#039;s why NIS 2 requires:<br data-start=\"3238\" data-end=\"3241\">\u2022 organization of cybersecurity training,<br data-start=\"3293\" data-end=\"3296\">\u2022 building awareness of threats (e.g. 
phishing, social engineering),<br data-start=\"3359\" data-end=\"3362\">\u2022 establishing clear rules for the use of IT systems.<\/p>\n<h3 data-start=\"3426\" data-end=\"3464\"><span style=\"color: #ff6500; font-size: 20px; text-align: start;\">Sanctions and responsibility<\/span><\/h3>\n<p data-start=\"3466\" data-end=\"3740\">Failure to comply with the obligations arising from NIS 2 may result in:<br data-start=\"3531\" data-end=\"3534\">\u26a0\ufe0f Financial penalties - for key entities up to <strong data-start=\"3592\" data-end=\"3612\">10 million euros<\/strong> or 2% of annual turnover,<br data-start=\"3636\" data-end=\"3639\">\u26a0\ufe0f Responsibility of board members, who should oversee the organization&#039;s compliance with the directive.<\/p>\n<p data-start=\"3742\" data-end=\"3862\">This is important: implementing NIS 2 is not just a task for the <a href=\"https:\/\/prosteit.pl\/en\/how-to-speed-up-your-companys-internet-and-optimize-your-network\/\">IT department<\/a> - it is <strong data-start=\"3813\" data-end=\"3859\">the responsibility of the entire organization, including the board<\/strong>.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dfc6f26 elementor-widget elementor-widget-image\" data-id=\"dfc6f26\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1920\" height=\"1080\" src=\"https:\/\/prosteit.pl\/wp-content\/uploads\/2025\/05\/audyt-bezpieczenstwa-dla-firmy-ozarow-mazowiecki.jpg\" class=\"attachment-full size-full wp-image-6840\" alt=\"\" srcset=\"https:\/\/prosteit.pl\/wp-content\/uploads\/2025\/05\/audyt-bezpieczenstwa-dla-firmy-ozarow-mazowiecki.jpg 1920w, 
https:\/\/prosteit.pl\/wp-content\/uploads\/2025\/05\/audyt-bezpieczenstwa-dla-firmy-ozarow-mazowiecki-300x169.jpg 300w, https:\/\/prosteit.pl\/wp-content\/uploads\/2025\/05\/audyt-bezpieczenstwa-dla-firmy-ozarow-mazowiecki-1024x576.jpg 1024w, https:\/\/prosteit.pl\/wp-content\/uploads\/2025\/05\/audyt-bezpieczenstwa-dla-firmy-ozarow-mazowiecki-768x432.jpg 768w, https:\/\/prosteit.pl\/wp-content\/uploads\/2025\/05\/audyt-bezpieczenstwa-dla-firmy-ozarow-mazowiecki-1536x864.jpg 1536w, https:\/\/prosteit.pl\/wp-content\/uploads\/2025\/05\/audyt-bezpieczenstwa-dla-firmy-ozarow-mazowiecki-18x10.jpg 18w\" sizes=\"(max-width: 1920px) 100vw, 1920px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f3bd7fd elementor-widget__width-initial elementor-widget elementor-widget-text-editor\" data-id=\"f3bd7fd\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;ekit_we_effect_on&quot;:&quot;none&quot;}\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2 data-start=\"207\" data-end=\"271\"><span style=\"color: #ff6500; font-size: 24px; text-align: start;\">Summary<\/span><\/h2><p data-start=\"273\" data-end=\"658\">As you can see, implementing the NIS 2 directive is not a simple matter of checking off a few formalities. It is a complex process that includes an <strong data-start=\"395\" data-end=\"422\">IT security audit<\/strong>, risk analysis, implementation of procedures, <a href=\"https:\/\/prosteit.pl\/en\/password-management-in-the-company-password-manager-overview\/\">preparation of documentation<\/a>, as well as training the entire team.<\/p><p data-start=\"660\" data-end=\"840\">This is where <strong data-start=\"682\" data-end=\"694\">SimpleIT<\/strong> comes in. 
Our goal is to help companies navigate all stages of cybersecurity and new regulations.<\/p><p data-start=\"842\" data-end=\"1465\">What do we offer?<br data-start=\"855\" data-end=\"858\" \/>\u2705 <strong data-start=\"860\" data-end=\"893\">Full IT Security Audit<\/strong> \u2014 we\u2019ll identify pain points in your company\u2019s IT infrastructure before cybercriminals do.<br data-start=\"974\" data-end=\"977\" \/>\u2705 <strong data-start=\"979\" data-end=\"1028\">Implementation of NIS 2 compliant policies and procedures<\/strong> \u2014 we will prepare not only documents, but also practical solutions.<br data-start=\"1094\" data-end=\"1097\" \/>\u2705 <strong data-start=\"1099\" data-end=\"1171\">Assistance in creating emergency plans and incident reporting procedures<\/strong> \u2014 so that your company can operate efficiently even in times of crisis.<br data-start=\"1230\" data-end=\"1233\" \/>\u2705 <strong data-start=\"1235\" data-end=\"1264\">Training for employees<\/strong> \u2014 we will build awareness of cyber threats across the entire team.<br data-start=\"1318\" data-end=\"1321\" \/>\u2705 <strong data-start=\"1323\" data-end=\"1358\">IT outsourcing and ongoing support<\/strong> \u2014 if you don&#039;t have your own IT department, we can take over some of the tasks, giving you peace of mind and security.<\/p><p data-start=\"1467\" data-end=\"1647\">Thanks to our experience and knowledge of regulations, we will make sure that your company is fully prepared for the new challenges related to <strong data-start=\"1604\" data-end=\"1644\">Enterprise Cybersecurity<\/strong>.<\/p><p data-start=\"1649\" data-end=\"1873\">If you want to find out how we can tailor our services to your needs, <strong data-start=\"1731\" data-end=\"1765\">contact us today<\/strong>. 
We offer a free consultation during which we will assess what actions are needed in your case.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>Over the past few years, cybersecurity has become a key issue for companies operating in the European Union. The number of cyberattacks is constantly growing, and their consequences can be devastating\u2014both financially and to the company&#039;s reputation. It&#039;s no surprise, then, that the EU has decided to tighten regulations on the security of networks and information systems. One of the most important pieces of legislation [\u2026]<\/p>","protected":false},"author":4,"featured_media":6844,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[455],"tags":[433,570,558,562,560,568,572,571,553,555,449,448,225,224,451,569,573,576,561,582,565,563,564,566,574,575,579,580,554,559,581,567,226,234,439,578,577],"class_list":["post-6837","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bezpieczenstwo","tag-bezpieczenstwo-w-firmie","tag-co-oznacza-skrot-nis","tag-co-to-dyrektywa-nis-2","tag-co-to-jest-dokumentacja-nis2","tag-co-to-nis-2","tag-czy-nis2-jest-juz-obowiazujacym-prawem","tag-czy-szkoly-i-placowki-oswiatowe-podlegaja-dyrektywie-nis2","tag-czym-jest-sektor-publiczny-nis2","tag-dyrektywa-nis-2","tag-dyrektywa-nis-2-kiedy-wchodzi-w-zycie-w-polsce","tag-informatyk-ozarow-mazowiecki","tag-informatyk-warszawa","tag-it-dla-firm","tag-it-dla-malej-firmy","tag-it-dla-malych-firm","tag-jak-sprawdzic-czy-firma-podlega-pod-nis2","tag-jak-sprawdzic-czy-podlegam-pod-nis2","tag-jak-wprowadzic-nis-2","tag-jakie-firmy-podlegaja-nis2","tag-jakie-podmioty-podlegaja-pod-nis-2","tag-jakie-sa-kluczowe-cele-nis2","tag-jakie-sektory-obejmuje-nis-2","tag-kogo-obejmuje-nis2","tag-kto-bedzie-pod
legal-pod-nis2","tag-nis-2-dla-kogo","tag-nis-2-dyrektywa","tag-nis-2-kary","tag-nis-2-kiedy","tag-nis-2-kiedy-wchodzi","tag-nis-2-kiedy-wchodzi-w-zycie","tag-nis-2-projekt-ustawy","tag-o-co-chodzi-z-nis2","tag-pomoc-it","tag-pomoc-it-dla-firm","tag-pomoc-komputerowa","tag-wdrazanie-nis-2-dla-firm","tag-wdrozenie-nis-2"],"_links":{"self":[{"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/posts\/6837","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/comments?post=6837"}],"version-history":[{"count":19,"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/posts\/6837\/revisions"}],"predecessor-version":[{"id":10134,"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/posts\/6837\/revisions\/10134"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/media\/6844"}],"wp:attachment":[{"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/media?parent=6837"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/categories?post=6837"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/prosteit.pl\/en\/wp-json\/wp\/v2\/tags?post=6837"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}