Understanding the EU NIS2 Directive

Enhancing Cybersecurity for Pulp & Paper Companies


What is the NIS2 Directive?

The NIS2 Directive is a legislative framework established by the EU to enhance the cybersecurity and resilience of critical infrastructure sectors. It replaces and extends the first NIS Directive from 2016, aiming to ensure a high level of security across the Member States. The NIS2 Directive addresses the following objectives:

  • Strengthen the security requirements
  • Secure the supply chains
  • Streamline reporting obligations
  • More stringent supervisory measures
  • Stricter enforcement requirements
  • Harmonized sanctions across the EU

*EU Member States will have to transpose NIS2 into their national legislation by October 17, 2024.

Who is affected by NIS2 and how?

The NIS2 Directive distinguishes between Essential and Important entities:

  • Essential entities include several sectors such as Energy, Transport, Water, and more, or any enterprise with a headcount over 250 or more than 50 million in revenue.
  • Important entities include Manufacturing, Chemicals, Gas, Food, and more, or enterprises with a headcount over 50 or more than 10 million in revenue.

Essential entities will be required to meet supervisory requirements, while Important entities will be subject to supervision only if authorities receive evidence of non-compliance.

Fines for essential entities amount to €10,000,000 or 2% of the total worldwide annual turnover of the preceding financial year, whichever is higher, and up to €7,000,000 or at least 1.4% of the total worldwide annual turnover of the preceding financial year for important entities.





What are the implications for the Pulp & Paper industry?

The NIS2 Directive is becoming the baseline for cybersecurity regulations in the EU. It also applies to non-EU organizations that provide services within Member States. The Pulp & Paper industry provides essential products and services, such as paper, packaging, and tissue. It is also a major employer, providing jobs for hundreds of thousands of mill workers around the world.

A disruption to the Pulp & Paper industry would have a significant impact on the economy and society, as well as potential environmental implications. Therefore, the Pulp & Paper industry now falls under the regulatory obligations set forth by the NIS2 Directive.

How can I be prepared for NIS2?

To ensure operational resilience based on the NIS2 guidelines and avoid the significant financial impact of non-compliance, it is important to start implementing the needed measures before the NIS2 Directive takes effect on your business.

Pulp & Paper mill operators should comply with the NIS2 Directive requirements by implementing a cybersecurity program that addresses the following areas:

  • Asset and network visibility
  • Operational Risk management
  • Supply chain security and access management
  • Protection against cyber-attack
  • Incident and Crisis management
  • Response and recovery planning
