EU Security Union NIS-2

What it means for NRENs

On 11 January 2023 Cathrin Stöver, Alf Moens and Edit Herczog presented an EU Security Union infoshare on the newly released NIS-2 Directive published on 15 December 2022 and the effects of this on NRENs across Europe.

These regulations will be in place within 21 months and so there is a lot of work required both within the Member States and also NRENs before October 2024.

NIS-2 relates to security on Vital Digital Infrastructures, infrastructures that are essential for keeping society afloat, It covers a range of industries including power generation and transmission and healthcare but research and education are explicitly included. For NRENs in particular, NIS-2 states that government agencies, Top Level Domain (TLD) management, DNS and Clouds and Trust services are explicitly covered by these requirements and so most NRENs will fall into the scope.

In general these obligations following on from this directive are logical and are part of the normal work expected but there will be a need to ensure this is documented and compliance is demonstrated.

NIS-2 expects regular auditing of compliance and so it is vital that NRENs are prepared. Some of the key actions NRENs can take already are:

  • Establish contacts within your national government.
  • Appoint a coordinator for compliance and reporting.
  • Assess your current security baseline status
  • Identify your obligations under NIS-2.
  • Understand what is needed to bring your organisation to the required level.

To help, GÉANT has a range of services including:

  • GÉANT Security Baseline: helps you assess your current status
  • Policies: a range of policies and best practices, including a Risk Management Policy
  • SIG-ISM: the security management community for GÉANT members.

More information

To find out more about NIS-2 and how it can affect your NREN you can watch a GÉANT infoshare. GÉANT will schedule follow-up infoshares on this subject.

Skip to content