Tom's IT Bildmarke Logo

Tom's IT

NIS2 Implement NIS2 NIS2 audit NIS2 consultation


Our NIS2 Check Tool helps you quickly determine if and to what extent your company must comply with the NIS2 directive. This is especially important for companies in Austria that need to ensure they meet all legal requirements.

Start Your NIS2 Compliance Check

Discover quickly and easily how the NIS2 Directive impacts your business.

After completing the assessment, you will receive a clear answer on whether NIS2 is relevant to your company. Regardless of the result, you should contact us for a detailed review.

1 / 4

Does my company have at least 2 million euros in annual revenue or 43 million euros in annual balance sheet total?

Companies with an annual revenue of at least 2 million euros or an annual balance sheet total of at least 43 million euros are generally subject to the NIS2 Directive, regardless of their sector or activities.

2 / 4

Does my company operate critical infrastructure?

The NIS2 Directive also applies to companies operating critical infrastructure. Critical infrastructure is defined as any infrastructure whose failure or disruption could have significant impacts on public safety, health, or the economic well-being of the Union.

3 / 4

Does my company belong to one of the sectors covered by the NIS2 Directive?

The NIS2 Directive applies to companies in the following sectors.

Please select your sector:

4 / 4

Is your company one with more than 50 employees?

Companies with more than 50 employees are generally subject to the NIS2 Directive, regardless of their sector or activities.

Request Free NIS2 Consultation

Our free consultation offers you the opportunity to discuss your specific needs and challenges and ensure that your company is fully compliant.

Ensure your competitive advantage through compliance. Adhering to the NIS2 directive is not only a legal necessity but also a crucial step in strengthening the trust of your customers and partners.

What is NIS2?

The NIS2 Directive (Network and Information Security Directive) is an updated version of the original NIS Directive aimed at strengthening cybersecurity in the European Union. It was adopted by the European Parliament and the Council on December 14, 2020, and comes into effect on January 16, 2023. Member States must implement NIS2 by October 17, 2024.

For more information on the NIS2 Directive, visit the website of the Austrian Federal Economic Chamber and the official NIS2 Directive page of the Austrian government.

1. Objectives of NIS2

NIS2 aims to strengthen the resilience and security of network and information systems. This includes harmonizing security requirements and improving cooperation between EU Member States.

2. Extended Scope

The NIS2 Directive expands its scope to more sectors and types of facilities. In addition to the previous sectors (such as energy, transport, banking, healthcare), it now also covers areas like public administration, digital services, and research and development facilities.

3. Definition of Company Sizes

NIS2 differentiates between small, medium, and large companies based on criteria such as the number of employees, annual turnover, and balance sheet total to ensure appropriate regulations.

4. Increased Security Requirements

Companies must take appropriate technical and organizational measures to manage risks to network and information systems and minimize the impact of incidents. These measures include risk management, incident management, business continuity and crisis management, supply chain security, and incident response.

5. Obligation to Report Security Incidents

Companies must promptly report significant security incidents to the relevant authorities. The directive sets strict reporting deadlines and requirements to ensure incidents are handled quickly and effectively.

6. Supervision and Enforcement

The directive strengthens the supervisory powers of national authorities. These authorities can audit companies and impose sanctions for non-compliance. Sanctions can include fines of up to 10 million euros or 2% of a company's worldwide annual turnover, whichever is higher.

7. EU-Level Cooperation

The NIS2 Directive promotes cooperation between EU Member States to improve information sharing and coordination in combating cyber threats. This includes creating a network of CSIRTs (Computer Security Incident Response Teams) and establishing the EU Cybersecurity Information Exchange.

Important Information for Companies in Austria

Compliance and Preparation

Companies in Austria should review their existing security measures to ensure they comply with the NIS2 directive. This includes updating risk management processes and implementing appropriate technical and organizational measures. Creating and updating emergency plans and conducting regular security audits are crucial.

Reporting Security Incidents

It is important to establish clear internal processes for detecting and reporting security incidents. Companies should ensure that all employees are informed about these processes and know how to respond in the event of an incident. Adhering to reporting deadlines and correctly documenting incidents is critical to avoid sanctions.

Training and Awareness

Training programs to increase employee security awareness and promote best practices in cybersecurity should be implemented. Regular training and awareness measures help minimize the risk of human error.

Collaboration and Information Sharing

Companies should seek cooperation with other organizations and authorities in the EU to exchange information on threats and best practices. Participation in industry-specific networks and forums can provide valuable insights and support.

Essential Questions and Answers About the NIS2 Directive

NIS2 FAQ: Key Questions for Your Business

1. Implementation Schedule and Phases

The implementation of the NIS2 directive occurs in stages. Companies are required to comply with the guidelines no later than two years after their entry into force. This requires precise planning and implementation of the necessary security measures.

2. Objectives of NIS2 in the Context of Cybersecurity

NIS2 aims to strengthen the resilience and security of network and information systems. This includes harmonizing security requirements and improving cooperation between EU Member States.

3. Affected Companies and Criteria

NIS2 targets a wide range of organizations and distinguishes between essential and important entities. Classification depends on factors such as size, type of activity, and potential risk of a security incident.

4. Requirements for Digital Infrastructure

Companies must implement robust technical and organizational measures to ensure the security of their networks and information systems. This includes regular risk assessments, implementing security protocols, and establishing incident response plans.

5. NIS2 Directive Requirements for Companies

The directive requires companies to develop and implement comprehensive cybersecurity strategies. This includes regular audits, employee training, and the establishment of systems for early detection of cyber threats.

6. Supply Chain Security: A Critical Aspect

Companies must ensure that their supply chains also comply with the security standards of the NIS2 directive. This requires careful examination and evaluation of the security practices of suppliers and partners.

7. Consequences of Non-Compliance

Non-compliance with the NIS2 directive can lead to significant fines and reputational damage. It is therefore essential to take the directive's requirements seriously and take appropriate measures.