NIS2 FAQs
Here's a list of questions we have been most frequently asked on the European Network and Information Security Directive (NIS2).
How can one effectively prepare for the upcoming changes in cybersecurity regulations when it feels overwhelming, time-pressured, and without national laws? What are the concrete steps to prioritize in preparation?
NIS2 mandates MFA; is the use of SMS-based OTPs permissible?
How should we approach legislation, considering our multinational presence?
Do you anticipate significant variations in how member states interpret and implement the Directive?
There are multiple directives being introduced simultaneously, such as NIS2, CER, CRA, etc. How do you perceive the relationship between these directives?
Does Nexus provide consulting services such as audit and risk assessment?
Is there a recommended national Swedish site for NIS2 information, and could you provide insights on the preparedness of Swedish lawmakers?
Which national supervisory authorities are responsible for overseeing cybersecurity in Germany, France, and Sweden?
When is an EU directive directly applicable, in cases of delayed legislative implementation in Germany?
What should I be aware of or require from my software suppliers?
When considering the sectors under NIS2, how does it apply to the automotive industry (OEMs) and suppliers?
How does NIS2 relate to OT and IoT environment?
Do you expect a big difference in the implementation of NIS2 in Germany, compared to other countries?
Is there some kind of checklist I can use to check whether my company falls within the scope of NIS2?
Which part of the Nexus PKI is CC EAL4+ certified?
On what basis are you building an on-premises PKI infrastructure?
Do you have more questions?
If you have additional questions or would like to explore any of the topics we discussed during the webinar in more detail, feel free to reach out, and we'll be happy to assist you.