NIS2 Implementation in Denmark
Curated by
capasystems_denmark
3 min read
61
2
According to the Danish Ministry of Defense, the implementation of the EU cybersecurity directive NIS2 in Denmark has been delayed, with the new expected start date set for October 2024, pushing the compliance deadline to late 2024 or early 2025.
Key Changes from NIS1 to NIS2
NIS2 introduces significant changes compared to its predecessor, NIS1. The new directive expands the scope of covered sectors and entities, including more industries such as digital services, manufacturing of critical products, and public administration
1
3
. It also imposes stricter cybersecurity requirements, mandating a holistic, risk-based approach to cyber and information security4
. NIS2 emphasizes the responsibility of management teams to approve and oversee security measures, and introduces more severe penalties for non-compliance, with fines potentially reaching up to 10 million euros or 2% of a company's global turnover4
. Additionally, NIS2 extends requirements to subcontractors working for covered companies, effectively broadening its impact throughout supply chains4
. The directive aims to standardize cybersecurity practices across EU member states, addressing the vague formulation of NIS1 that led to inconsistent implementation4
.5 sources
Sector-Specific Requirements under NIS2
NIS2 introduces a nuanced approach to sector-specific requirements, recognizing that certain industries may already have equivalent cybersecurity measures in place. According to Article 4 of the directive, if sector-specific Union legal acts require entities to adopt cybersecurity risk-management measures or incident reporting obligations that are at least equivalent to NIS2 requirements, those entities may be exempt from the relevant NIS2 provisions
4
. Currently, the Digital Operational Resilience Act (DORA) for the financial sector is the only recognized equivalent sector-specific legislation2
. For sectors not covered by equivalent legislation, NIS2 provisions will continue to apply3
. This approach aims to prevent fragmentation of cybersecurity provisions across the EU while ensuring a high level of cybersecurity across all critical sectors1
5
.5 sources
Penalties for Non-Compliance
NIS2 introduces significant penalties for non-compliance, distinguishing between essential and important entities. For essential entities, the maximum fine is set at €10,000,000 or 2% of the global annual revenue, whichever is higher. Important entities face penalties of up to €7,000,000 or 1.4% of the global annual revenue, whichever is greater.
1
2
Beyond financial penalties, NIS2 grants national authorities additional enforcement powers, including issuing compliance orders, mandating security audits, and temporarily banning individuals from holding management positions in cases of repeated violations.2
4
The directive also introduces personal liability for top management in cases of gross negligence, aiming to elevate cybersecurity as an organization-wide strategic priority.1
3
5 sources
CapaSystems NIS2 Webinar
capasystems.dk
CapaSystems, a Danish IT company, is offering a webinar to help organizations understand and prepare for the NIS2 directive. The webinar, scheduled for Wednesday, August 21st at 10:00 AM, aims to provide clarity on the complex world of NIS2
2
3
. Participants will have the opportunity to learn about the directive, which is set to take effect at the turn of the year, and gain insights into its implications for businesses1
. This educational initiative reflects the growing importance of cybersecurity awareness and compliance in light of the upcoming NIS2 implementation in Denmark.5 sources
Related
Hvornår starter webinaret om NIS2-direktivet
Hvordan kan jeg tilmelde mig webinaret på CapaSystems.dk
Er webinaret om NIS2-direktivet på engelsk
Er der en præsentation tilgængelig efter webinaret
Kan jeg stille spørgsmål live under webinaret
Keep Reading
EU approves world-first AI rules
The European Union has made history by approving the world's first comprehensive legal framework for artificial intelligence, known as the AI Act. This landmark legislation aims to regulate AI technologies based on their potential risks, ensuring the development of safe and trustworthy AI systems while protecting the rights of EU citizens.
35,437
X Dodges EU Regulation
According to reports from TechCrunch, the European Union has decided that Elon Musk's X (formerly Twitter) will not be regulated under the Digital Markets Act, determining that the platform is not a significant gateway for businesses to reach consumers, unlike other social media giants such as Meta and TikTok.
9,260
Apple's EU DMA Fine
According to sources, Apple is set to become the first company to face a fine under the European Union's Digital Markets Act, with regulators preparing penalties for the tech giant's failure to allow app developers to steer users to cheaper deals outside the App Store.
17,389
EU's Starlink Rival
The European Union has taken a significant step towards establishing its own secure satellite communications network, signing a €10.6 billion ($11.1 billion) deal to launch nearly 300 satellites into orbit by 2030. As reported by TechCrunch, this ambitious project, known as IRIS² (Infrastructure for Resilience, Interconnectivity and Security by Satellite), aims to rival Elon Musk's Starlink and bolster Europe's digital sovereignty.
5,556