{"id":28704,"date":"2023-10-17T09:00:00","date_gmt":"2023-10-17T07:00:00","guid":{"rendered":"https:\/\/www.risc-software.at\/?post_type=publication&#038;p=28704"},"modified":"2026-03-10T14:23:49","modified_gmt":"2026-03-10T13:23:49","slug":"network-and-information-systems-security-law-2-0","status":"publish","type":"publication","link":"https:\/\/www.risc-software.at\/en\/technicalarticles\/network-and-information-systems-security-law-2-0\/","title":{"rendered":"EU measures to strengthen cyber security: how you can best prepare for them"},"content":{"rendered":"\n<p class=\"wp-block-heading is-style-default has-medium-font-size wp-block-paragraph\"><em>The EU is planning comprehensive regulations to strengthen cyber security with the NIS 2 Directive and the Cyber Resilience Act. These measures will have a major impact on almost all digital processes, which should not come as a surprise.  <\/em><\/p>\n\n<h3 class=\"wp-block-heading\">by DI (FH) Stephan Leitner<\/h3>\n\n<p class=\"wp-block-paragraph\">As the world becomes increasingly interconnected, cyber security has taken on a new significance in everyday (working) life. To make the EU economy fit for this new world and protect users, the European Union is planning numerous mandatory packages of measures.  
<br\/><br\/><\/p>\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<div class=\"wp-block-media-text has-media-on-the-right is-stacked-on-mobile is-vertically-aligned-center\"><div class=\"wp-block-media-text__content\">\n<p class=\"wp-block-paragraph\"><strong>Contents<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Network and Information System Security Act (NIS) 2.0<\/li>\n\n\n\n<li>Law on cyber resilience<\/li>\n\n\n\n<li>Why waiting is not an option<\/li>\n\n\n\n<li>The first steps<\/li>\n\n\n\n<li>Further links<\/li>\n\n\n\n<li>Author<\/li>\n<\/ul>\n<\/div><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"1024\" height=\"796\" src=\"https:\/\/www.risc-software.at\/app\/uploads\/2023\/10\/Firefly-Flagge-der-Europaeischen-Union-Hintergrund-binaerer-Code-Cyberresilienz-69390-1024x796.jpg\" alt=\"generated with Adobe Firefly\" class=\"wp-image-28702 size-full\" srcset=\"https:\/\/www.risc-software.at\/app\/uploads\/2023\/10\/Firefly-Flagge-der-Europaeischen-Union-Hintergrund-binaerer-Code-Cyberresilienz-69390-1024x796.jpg 1024w, https:\/\/www.risc-software.at\/app\/uploads\/2023\/10\/Firefly-Flagge-der-Europaeischen-Union-Hintergrund-binaerer-Code-Cyberresilienz-69390-300x233.jpg 300w, https:\/\/www.risc-software.at\/app\/uploads\/2023\/10\/Firefly-Flagge-der-Europaeischen-Union-Hintergrund-binaerer-Code-Cyberresilienz-69390-768x597.jpg 768w, https:\/\/www.risc-software.at\/app\/uploads\/2023\/10\/Firefly-Flagge-der-Europaeischen-Union-Hintergrund-binaerer-Code-Cyberresilienz-69390-1536x1195.jpg 1536w, https:\/\/www.risc-software.at\/app\/uploads\/2023\/10\/Firefly-Flagge-der-Europaeischen-Union-Hintergrund-binaerer-Code-Cyberresilienz-69390-2048x1593.jpg 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n<div class=\"wp-block-group-container alignfull \">\n<div class=\"wp-block-group is-layout-constrained wp-block-group-is-layout-constrained\">\n<h2 
class=\"wp-block-heading\">Network and Information System Security Act (NIS) 2.0<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The NIS 2 Directive is a European legal regulation on cyber security. It aims to ensure a high level of security for network and information systems in the EU. It focuses on sectors that are essential to society and the economy, such as energy, transport, health, finance and digital services. Compared to the current Network and Information System Security Act (NIS), which only applies to operators of so-called &#8220;essential services&#8221; and &#8220;digital services&#8221;, the scope of NIS 2 is extended to other sectors, including healthcare, water, wastewater, the chemical industry and digital infrastructure. The directive lays down stricter security requirements that must be met by the companies and organizations concerned. These include risk-based security measures, the introduction of security precautions and practices and the reporting of security incidents. The NIS 2 Directive provides for deterrent penalties for breaches of the security requirements, making both companies and individuals in management positions liable. Member States must provide appropriate enforcement mechanisms to ensure that companies and organizations comply with the rules.<\/p>\n<\/div>\n<\/div><div class=\"wp-block-group-container alignfull \">\n<div class=\"wp-block-group is-layout-constrained wp-block-group-is-layout-constrained\">\n<h2 class=\"wp-block-heading\">Law on cyber resilience<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Unlike NIS 2, which applies to companies in certain sectors or functions, the Cyber Resilience Act applies to all products that have a digital component. This means that a wide range of products are affected, from a smart light bulb to a modern car. The directive is still being drafted, but it is expected that a series of mandatory measures will be prescribed. The entire product life cycle will be affected. 
For example, cyber security must be considered in the planning, design, development, manufacturing and maintenance phases. Comprehensive documentation and reporting obligations (e.g. reporting of vulnerabilities and incidents) will also be introduced.      Furthermore, vulnerabilities must be rectified promptly and security-relevant updates must be provided for each product sold for at least five years.  <\/p>\n<\/div>\n<\/div><div class=\"wp-block-group-container alignfull \">\n<div class=\"wp-block-group is-layout-constrained wp-block-group-is-layout-constrained\">\n<h2 class=\"wp-block-heading\">Why waiting is not an option<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">By implementing measures from this directive at an early stage, companies can ensure that they comply with the legal requirements as soon as the directive comes into force in their country. This allows them a smooth transition and prevents possible sanctions or legal consequences.  <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Apart from legal requirements, these guidelines aim to improve the security of network and information systems. Cyber attacks are a constant threat. Companies that take early action to strengthen their security standards are better equipped to counter these threats.   By implementing security precautions and practices, organizations can identify and address potential vulnerabilities, increase the security of their systems and reduce the likelihood of successful attacks.  <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This can minimize financial losses &#8211; cyber attacks can cause considerable economic damage, be it through the loss of data, business interruptions or the theft of intellectual property. By taking proactive measures to secure their network and information systems, companies can identify and eliminate potential vulnerabilities, leading to a reduction in financial risk.  
<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In addition, compliance with the NIS 2 Directive can strengthen the trust of customers, partners and the public. With the increasing threat of cyber attacks, the security of network and information systems has become a major concern. Companies that implement demonstrably robust security measures and meet the requirements of the NIS 2 Directive can strengthen their image as a trustworthy and reliable business partner. This can lead to an improved competitive position, increased customer loyalty and a positive reputation.<\/p>\n<\/div>\n<\/div><div class=\"wp-block-group-container alignfull \">\n<div class=\"wp-block-group is-layout-constrained wp-block-group-is-layout-constrained\">\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">The first steps<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>1. Impact assessment: <\/strong><br\/>First, a comprehensive assessment of the network and information systems must be carried out to identify potential vulnerabilities and risks. This includes analyzing the critical infrastructure, identifying sensitive data and assessing potential threats.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>2. Development of a security strategy:<\/strong><br\/>A comprehensive security strategy should be developed on the basis of the assessment. This strategy should include the necessary security measures and practices to increase the level of protection of the network and information systems.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>3. Implementation of technical and organizational measures: <\/strong><br\/>Appropriate technical and organizational measures must be taken to ensure the security of the systems. This includes the implementation of firewalls, intrusion detection systems (IDS), access controls, regular security updates and patches, secure configurations and access restrictions.
<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>4. Risk management: <\/strong><br\/>Effective risk management must be established in order to identify and assess risks and take appropriate countermeasures. This includes continuous monitoring, detection of security incidents and rapid response to these incidents.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>5. Incident response plan: <\/strong><br\/>It is advisable to draw up an incident response plan that defines clear procedures for dealing with security incidents. This includes communication, the escalation procedure, the recovery of systems and data and cooperation with authorities and partners.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>6. Training and awareness:<\/strong> <br\/>Employees should be instructed in the security measures and made aware of possible threats. Training programs and regular security briefings can help raise awareness of cyber security and empower employees to perform security-related tasks effectively.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>7. Cooperation and exchange:<\/strong> <br\/>You are not alone! The NIS 2 Directive emphasizes cooperation and the exchange of information between companies, authorities and relevant stakeholders.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">RISC Software GmbH is happy to support you in the development of secure and resilient software and contribute its expertise. Its motivated team of experts develops your software with the highest quality and security in mind from the very first step. The team will be happy to advise you on the implementation of your product idea or update your established software to the latest state of the art.
<\/p>\n<\/div>\n<\/div>\n<h2 class=\"wp-block-heading\">Further links<\/h2>\n\n<div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/www.nis.gv.at\/nis-2-richtlinie.html\" target=\"_blank\" rel=\"noreferrer noopener\">The new NIS-2 Directive (Federal Chancellery)<\/a><\/div>\n\n\n\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/digital-strategy.ec.europa.eu\/de\/library\/cyber-resilience-act\" target=\"_blank\" rel=\"noreferrer noopener\">Law on cyber resilience (EU)<\/a><\/div>\n<\/div>\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-7387b849 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:33.33%\">\n<h2 class=\"wp-block-heading\">Author<\/h2>\n\n\n<div class=\"contact-person\">\n      <picture>\n      \n      \n      \n      \n      <img decoding=\"async\" data-aos=\"fade-zoom-in\"\n           data-aos-offset=\"0\" class=\"w-full\" width=\"212\" height=\"293\"\n           src=\"https:\/\/www.risc-software.at\/app\/uploads\/2023\/07\/sleitner1-Background-Removed.jpg\"\n           alt=\"\">\n    <\/picture>\n    \n\n<h5 class=\"wp-block-heading\">DI (FH) Stephan Leitner<\/h5>\n\n\n\n<p class=\"wp-block-paragraph\">Head of Unit Domain-specific Applications<\/p>\n\n  <\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>The EU is planning comprehensive regulations to strengthen cyber security with the NIS 2 Directive and the Cyber Resilience Act. These measures will have a major impact on almost all digital processes, which should not come as a surprise.  
<\/p>\n","protected":false},"featured_media":28703,"template":"","publication-category":[49],"class_list":["post-28704","publication","type-publication","status-publish","has-post-thumbnail","hentry","publication-category-software-development"],"acf":[],"portrait_thumb_url":"https:\/\/www.risc-software.at\/app\/uploads\/2023\/10\/Firefly-Flagge-der-Europaeischen-Union-Hintergrund-binaerer-Code-Cyberresilienz-69390-360x214.jpg","_links":{"self":[{"href":"https:\/\/www.risc-software.at\/en\/wp-json\/wp\/v2\/publication\/28704","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.risc-software.at\/en\/wp-json\/wp\/v2\/publication"}],"about":[{"href":"https:\/\/www.risc-software.at\/en\/wp-json\/wp\/v2\/types\/publication"}],"version-history":[{"count":2,"href":"https:\/\/www.risc-software.at\/en\/wp-json\/wp\/v2\/publication\/28704\/revisions"}],"predecessor-version":[{"id":36132,"href":"https:\/\/www.risc-software.at\/en\/wp-json\/wp\/v2\/publication\/28704\/revisions\/36132"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.risc-software.at\/en\/wp-json\/wp\/v2\/media\/28703"}],"wp:attachment":[{"href":"https:\/\/www.risc-software.at\/en\/wp-json\/wp\/v2\/media?parent=28704"}],"wp:term":[{"taxonomy":"publication-category","embeddable":true,"href":"https:\/\/www.risc-software.at\/en\/wp-json\/wp\/v2\/publication-category?post=28704"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}