In 2024, the NIS2 Directive (European Directive for cyber resilience of critical infrastructure) will be converted into national legislation.

The Food sector has been labeled as critical infrastructure and organizations from this sector will therefore have to comply with NIS2 cybersecurity requirements, as described in Article 21 (NIS2 Directive (EU) 2022/2555).

What does this mean concretely for the food sector?

This means that organizations from this sector must meet the following minimum cybersecurity NIS2 requirements:

– Asset Management: Making an inventory of all computers, devices and systems connected to your organization’s network;

– Basic Cyber ​​Hygiene: Organizing and maintaining your cyber security ‘household’;

– Supply Chain Security: Checking the cyber security of your suppliers;

– Incident Response: Being able to manage cyber incidents and ensure your business continuity;

– Cybersecurity Training: Providing cybersecurity awareness training for your staff and management

Why should the Food sector take the NIS2 seriously?

1. Because the NIS2 contributes to a serious improvement of the cyber resilience of the organization
2. As the NIS2 is likely to be strictly enforced and non-compliance with the NIS2 legislation can result in serious fines up to a maximum of 10 million Euro or 2% of global turnover (whichever is higher).
3. Because the regulator (RDI) has indicated that feasible cybersecurity measures that the sector organization imposes itself will usually be honoured

As your brance organisation we have made an agreement with Secior Digital Risk Management and members will get a discount of € 2.500 euro ( same as the annual membership) from Secior if they make your risk assessment, and make your company compliant with the new NIS2 directive.