
Unlike the original NIS directive, which focused on key economic operators, this new version broadens its scope to more entities and sectors, and introduces requirements better suited to new cyber threats.
It imposes a set of legal, technical and organizational measures.
Entities will need to implement legal, technical and organizational measures to manage risks threatening the security of their networks and information systems.
ANSSI, as the national cybersecurity authority, is responsible for transposing and enforcing this directive at the national level.
The NIS2 approach proposed by Adacis
Step 1: scoping
• Are you affected?
• What is your regulation level (essential entity (EE) or important entity (IE))?
• Setting up support with a defined business and technical scope and stakeholders.
Step 2: maturity assessment
• Organizational audit against the NIS2 framework.
• Detailed compliance action plan.
De facto EBIOS RM risk analysis (workshops 1 and 5)
Step 3: dedicated support
• On-demand support based on your constraints, skills and level of autonomy, with regular check-in points.
• Our team of experts will support you according to your needs.
Step 4: compliance validation
• Compliance validation and closing meeting.
Step 5: continuous improvement
• Continuous improvement plan (PDCA): review of the action plan and compliance following deadlines or major changes.
Is my entity affected?
Assess whether your entity is subject to the NIS2 directive with ANSSI's test.
Sectors concerned
Security measures required by NIS 2
Obligations for regulated entities
01
Policies on risk analysis and information system security.
02
Incident handling (prevention, detection and response to incidents).
03
Crisis management and business continuity, such as backup management and disaster recovery.
04
Supply chain security, including security aspects related to relationships between each entity and its direct suppliers or service providers.
05
Security in the acquisition, development and maintenance of networks and information systems, including handling and disclosure of vulnerabilities.
06
Policies and procedures (testing and audits) to assess the effectiveness of cybersecurity risk management measures.
07
Basic cyber hygiene practices and cybersecurity training.
08
Policies and procedures regarding the use of cryptography.
09
Human resources security, access control policies and asset management.
10
The use of multi-factor authentication or continuous authentication solutions, secure voice, video and text communications, and secure emergency communication systems within the entity, as needed.



















