With the increase in cyberattacks, the European Union has strengthened its legislative shield since 2022 with the NIS2 (Network and Information Security) Directive. This European text, the objective of which is to harmonise cybersecurity requirements, must be transposed by the Member States into their national law by 17 October 2024 at the latest.
An “all-hazards” approach to cybersecurity
Affected companies will need to take significant technical and operational steps to manage cybersecurity risks. These measures include at least:
- policies relating to risk analysis and information systems security; incident management;
- business continuity, such as backup management and recovery, and crisis management;
- supply chain security, including security-related aspects of the relationship between each entity and its suppliers or direct service providers;
- security in the acquisition, development and maintenance of network and information systems, including the treatment and disclosure of vulnerabilities;
- policies and procedures to assess the effectiveness of cyber security risk management measures;
- basic cyber hygiene practices and cyber security training;
- policies and procedures for the use of cryptography and, where applicable, encryption;
- human resources security, access control policies and asset management;
- the use of multi-factor authentication or continuous authentication solutions, secure voice, video and text communications, and secure emergency communication systems within the entity, as required.
In addition to these measures, the directive contains vulnerability disclosure and reporting obligations.
IP Twins Qualified an Essential Entity
The NIS2 Directive describes two sectors concerned by these obligations:
- Highly critical sectors: contain either essential entities (EEs) or important entities (IEs), based on criteria of activity, turnover, balance sheets and number of employees
- Other critical sectors: Contain only important entities (IEs)
The difference lies in the fact that an interruption of the services of a key player would have significant consequences for the whole of society in the Member State concerned.
As a domain name registrar and DNS service provider, IP Twins qualifies as an Essential Entity under the Directive.
IP Twins already meets all the security obligations arising from the provisions of the NIS2 Directive, and will be declared to the ANSSI. Our registrar and DNS service activities are ISO 27001 certified, in an ongoing commitment to uphold the highest standards of data security that demonstrates our dedication to protecting our customers’ sensitive information and maintaining their trust in our services.
