• Home
  • Imprint
  • Privacy policy
  • Terms
  • Agile and lean law firm
  • Ideal partner
  • Contact
  • Videos
ITMediaLaw - Rechtsanwalt Marian Härtel
  • en English
  • de Deutsch
  • About lawyer Marian Härtel
    • About lawyer Marian Härtel
      • Ideal partner
      • About lawyer Marian Härtel
      • Video series – about me
      • Why a lawyer and business consultant?
      • Principles as a lawyer
      • Focus on start-ups
      • Nerd und Rechtsanwalt
      • Ideal partner
      • How can I help clients?
    • Über die Kanzlei
      • How clients benefit from my network of colleagues, partners and service providers
      • Quick and flexible access
      • Agile and lean law firm
      • Team: Saskia Härtel – WHO AM I?
      • Price overview
    • How can I help clients?
    • Sonstige Informationen
      • Einwilligungen widerrufen
      • Privatsphäre-Einstellungen ändern
      • Historie der Privatsphäre-Einstellungen
      • Privacy policy
    • Testimonials
    • Imprint
  • Leistungen
    • Focus areas of attorney Marian Härtel
      • Support with the foundation
      • Games law consulting
      • Advice in e-commerce
      • Support and advice of agencies
      • Legal advice in corporate law: from incorporation to structuring
      • Legal compliance and expert opinions
      • Streamers and influencers
      • Cryptocurrencies, Blockchain and Games
      • Outsourcing – for companies or law firms
    • Arbeitsschwerpunkte
      • Games and esports law
        • Esports. What is it?
      • Corporate law
      • IT/IP Law
      • Consulting for influencers and streamers
        • Influencer & Streamer
      • Contract review and preparation
      • DLT and Blockchain consulting
        • Blockchain Overview
      • Investment advice
      • AI and SaaS
  • Artikel/News
    • Langartikel / Guides
    • Law and computer games
    • Law and Esport
    • Law on the Internet
    • Blockchain and web law
    • Online retail
    • Data protection Law
    • Copyright
    • Competition law
    • Copyright
    • EU law
    • Law on the protection of minors
    • Labour law
    • Tax
    • Kanzlei News
    • Other
  • Videos/Podcasts
    • Videos
    • Podcast
      • ITMediaLaw Podcast
      • ITMediaLaw Kurz-Podcast
  • Knowledge base
  • Contact
Kurzberatung
  • About lawyer Marian Härtel
    • About lawyer Marian Härtel
      • Ideal partner
      • About lawyer Marian Härtel
      • Video series – about me
      • Why a lawyer and business consultant?
      • Principles as a lawyer
      • Focus on start-ups
      • Nerd und Rechtsanwalt
      • Ideal partner
      • How can I help clients?
    • Über die Kanzlei
      • How clients benefit from my network of colleagues, partners and service providers
      • Quick and flexible access
      • Agile and lean law firm
      • Team: Saskia Härtel – WHO AM I?
      • Price overview
    • How can I help clients?
    • Sonstige Informationen
      • Einwilligungen widerrufen
      • Privatsphäre-Einstellungen ändern
      • Historie der Privatsphäre-Einstellungen
      • Privacy policy
    • Testimonials
    • Imprint
  • Leistungen
    • Focus areas of attorney Marian Härtel
      • Support with the foundation
      • Games law consulting
      • Advice in e-commerce
      • Support and advice of agencies
      • Legal advice in corporate law: from incorporation to structuring
      • Legal compliance and expert opinions
      • Streamers and influencers
      • Cryptocurrencies, Blockchain and Games
      • Outsourcing – for companies or law firms
    • Arbeitsschwerpunkte
      • Games and esports law
        • Esports. What is it?
      • Corporate law
      • IT/IP Law
      • Consulting for influencers and streamers
        • Influencer & Streamer
      • Contract review and preparation
      • DLT and Blockchain consulting
        • Blockchain Overview
      • Investment advice
      • AI and SaaS
  • Artikel/News
    • Langartikel / Guides
    • Law and computer games
    • Law and Esport
    • Law on the Internet
    • Blockchain and web law
    • Online retail
    • Data protection Law
    • Copyright
    • Competition law
    • Copyright
    • EU law
    • Law on the protection of minors
    • Labour law
    • Tax
    • Kanzlei News
    • Other
  • Videos/Podcasts
    • Videos
    • Podcast
      • ITMediaLaw Podcast
      • ITMediaLaw Kurz-Podcast
  • Knowledge base
  • Contact
ITMediaLaw - Rechtsanwalt Marian Härtel
Home Other

Who is affected by the new IT security guideline?

13. August 2024
in Other
Reading Time: 8 mins read
0 0
A A
0
eacdf2e96129370b1608edb115f7bf58
Key Facts
  • NIS 2 Directive must be implemented by October 17, 2024, primarily affects IT start-ups in the EU
  • The directive significantly increases the level of protection for critical infrastructures and digital services.
  • Regulatory requirements must not be neglected in dynamic start-up environments; IT security is essential.
  • Companies must implement risk management measures, security incident reports and regular checks.
  • Early measures reduce compliance risks and increase customer and investor confidence.
  • Non-compliance can lead to penalties of up to 10 million euros or 2% of annual turnover.
  • Proactive planning enables integrated security measures and competitive advantages for start-ups.

While vany entrepreneurs in the IT and startup-sector are struggling with the daily challengeschallenges of business developmentare preoccupied with thean important important deadline that could easily be overlooked easily overlooked: Themplementation of the NIS 2 Directive by October 17 2024 Surprisingly many companies havecompanies have important newinnovation on the screen, even thoughthe consequencesbe far-reaching can. These EU Directive on the Network andd Information security concernsmeets more uncompany as one initially assumeswould benefit thespecial also Innovative startups in the IT sector.The Directive aims toon off, the shlevel of protection for critical infrastructures andd digital servicesste in the EU clearly to increasetion. But not Only established companiescompanies have to adapt to the new requirementsorders. Also Young, up-and-coming startups should take the NIS 2 directive seriously and take earlytake early measures toto minimize compliance-minimize compliance risksminimize compliance risks and IT security improve. DFailure to comply with the requirements can severe finesfines as a result result.

Content Hide
1. What is NIS 2?
2. Main contents of the NIS 2 Directive
3. Implementation deadline and consequences
4. Significance for IT start-ups
5. Recommendations for action

Especially in the dynamic wworld of startups, in whichgility and rapidand rapid growth are are in the foregrounde, the dealing with regulatory requirementsrequirementst take a back seat.intergroundaten. But the NIS 2 Directive makes makes it clear that IT security is not an not an option, but a a necessity. Startups that the right the rightthe right decisions can not only reduce liability risks reduce liability risks, butbut also the trust of customers and investorsand investors.

What is NIS 2?

NIS 2 stands for “Network and Information Security” and is the further development of the first NIS Directive from 2016. The aim of this directive is to significantly increase the level of protection for critical infrastructures and digital services in the EU. In contrast to the previous version, NIS 2 significantly expands the scope of application and now also includes smaller companies, which could directly affect many start-ups.

Main contents of the NIS 2 Directive

The Directive defines the Focus on the followingcore aspects: The Introduction of Risk management measures in the cybsafety, Mobligations for Security incidents that Implementation of Concepts for Evaluation of the Effectiveness of IT security measures, the training of Employees in cyber security issues and the regular transfertesting and actualization of the Safety measures.

In concrete termsthis means that companies areare obligedd to take appropriate technicaland organizationalorganizational measures to minimize risks to the security of network andd information systems manage. This includes Local implementationperformance of Risiko analyzes, the implementation of security concepts andd the establishment of processes for detection, mreporting and reactingtion to security incidents.

Another importantaspect is the training andd sensitization of Employees. Z The aim is is to acquire sufficient knowledgeknowledge and skills to recognition andd assessment of risks and management practices in the in the area of cybersecurity mediate. Reg Regular reviewsand updates of theupdates of the measures takenmeasures are alsoalso necessary in order to with the constantly evolvingevolving threat landscape.keep pace with the constantly evolving threat landscape.

Thesecomprehensiverequirementsespecially for young and growingcompanies challengeas there are often limited resourcresources for the implementation availableehen. Nevertheless It is essential that the requirements of the NIS 2 Directive seriously seriously andd promptly take appropriatemeasures to strengthenIT security-security take action. One early engagementwith the requirements the requirements andd the use of fexpert supportsupport can help to minimize compliance-risks and minimizerisks and increase resilience againstagainst cyber attackssustainablytion.

Implementation deadline and consequences

The deadline for transposing the NIS 2 Directive into national law is October 17, 2024, from which date affected companies must comply with the requirements. Non-compliance could result in severe fines of up to 10 million euros or 2% of annual global turnover. These potential penalties underline the urgency of dealing with the requirements in good time.

Significance for IT start-ups

For many start-ups in the IT sector, NIS 2 represents a new challenge, but also an opportunity: the implementation of robust cyber security measures will become mandatory, which will increase resilience to cyber attacks in the long term. Companies that implement NIS 2 at an early stage can use this as a quality feature and a sign of trust towards customers and partners, which can give them a competitive advantage. By complying with NIS 2 standards, startups signal that they take the security of their systems and data seriously and are willing to invest in cyber security. This can strengthen the trust of customers and investors and improve the company’s reputation.

Even if a startup is not directly covered by the NIS 2 directive, business partners or customers who are subject to the directive can demand appropriate security standards. In an increasingly networked business world, it is important that smaller companies in the supply chain also take appropriate security measures. Start-ups that focus on NIS 2 compliance at an early stage can position themselves as reliable and trustworthy partners and improve their chances of working with larger companies.

In addition, fast-growing startups should consider the NIS 2 requirements at an early stage in order to be prepared if the threshold values are exceeded and to avoid any nasty surprises. By planning ahead and implementing security measures step by step, startups can avoid having to retrofit later under time pressure and at high cost. Addressing NIS 2 at an early stage enables security to be integrated into the company culture and processes from the outset and to scale with the growth of the company.Overall, the NIS 2 directive offers IT startups the opportunity to raise their cyber security to a high level, build trust with customers and partners and prepare for future growth. By being proactive, startups can overcome the challenges and reap the benefits of strong cybersecurity.

Recommendations for action

In order to meet the requirements of the NIS 2 Directive in good time, IT start-ups should consider the following steps: Firstly, assessing how affected the company is based on its size and area of activity, followed by a gap analysis to identify where action is needed. Developing and implementing an information security management system (ISMS) and training employees in cyber security issues are other important aspects. Regular reviews and updates of security measures must not be neglected.

The implementation of the NIS 2 Directive may initially appear to be an additional burden, but it offers the opportunity to improve IT security in the long term and position yourself as a trustworthy partner in the digital ecosystem. IT start-ups should use the time remaining until October 2024 to prepare thoroughly and implement the necessary measures. Dealing with NIS 2 at an early stage can not only minimize compliance risks, but also create a competitive advantage in an increasingly security-conscious market.

Tags: AnalyseCompetitive advantageComplianceDevelopmentEmployeesEuGrowthInformationIT SecurityReviewrightSicherheitStartupsTraining

Beliebte Beträge

The legal protection of a business plan

5b698c02ae6e02ed43d05d01c467b658
24. September 2024

A business plan is an indispensable strategic document for start-ups and company founders. It serves as a roadmap for business...

Read moreDetails

As a teenager, make e-sports men/streamers self-employed?

As a teenager, make e-sports men/streamers self-employed?
2. January 2020

The industry of streamers and e-sports enthusiasts is very young compared to other industries and therefore also for lawyers and...

Read moreDetails

Liability of influencers and agencies for advertised products – legal risks and current developments

Liability of influencers and agencies for advertised products – legal risks and current developments
10. May 2025

Influencer marketing has become an integral part of modern advertising. Influencers recommend products and services of all kinds on social...

Read moreDetails

Confidentiality strategy for startups: NDAs, trade secret law and practical measures

Confidentiality strategy for startups: NDAs, trade secret law and practical measures
28. April 2025

Start-ups thrive on innovative ideas, creative concepts and unique technologies. Whether it's a novel algorithm, a special business idea, a...

Read moreDetails

Setting up a business abroad for OnlyFans-Business: opportunities & risks

Setting up a business abroad for OnlyFans-Business: opportunities & risks
11. May 2025

Running your own OnlyFans business often raises the question for creators and agencies based in Germany: Is it worth setting...

Read moreDetails

Right of withdrawal for tradesman services: massive legal uncertainty to continue in 2025

Right of withdrawal for tradesman services: massive legal uncertainty to continue in 2025
8. May 2025

In 2025, many tradespeople and service providers still face an often underestimated problem: contracts concluded with consumers outside of business...

Read moreDetails

NIS2 compliance 2025: relevance for SaaS and media start-ups

Risks when using and offering no-code platforms as SaaS
2. May 2025

Why another contribution to the NIS2 Directive? Do we really need a separate blog post on the NIS2 Directive in...

Read moreDetails

Software development: The new concept of defects according to §§ 327 ff. BGB

Software development: The new concept of defects according to §§ 327 ff. BGB
7. May 2025

On January 1, 2022, the German legislator fundamentally reformed the regulations for consumer contracts for digital products. For software developers...

Read moreDetails

Regulation (EU) 2024/1083 – The European Media Freedom Act (EMFA) at a glance

Regulation (EU) 2024/1083 – The European Media Freedom Act (EMFA) at a glance
6. May 2025

In May 2024, the European Media Freedom Act (EMFA) was published in the Official Journal of the EU with Regulation...

Read moreDetails
  • Home
  • Imprint
  • Privacy policy
  • Terms
  • Agile and lean law firm
  • Ideal partner
  • Contact
  • Videos
Marian Härtel, Rathenaustr. 58a, 14612 Falkensee, info@itmedialaw.com

Marian Härtel - Rechtsanwalt für IT-Recht, Medienrecht und Startups, mit einem Fokus auf innovative Geschäftsmodelle, Games, KI und Finanzierungsberatung.

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
  • Contact
  • Leistungen
    • Support with the foundation
    • Focus areas of attorney Marian Härtel
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Games law consulting
    • Support and advice of agencies
    • Legal advice in corporate law: from incorporation to structuring
    • Cryptocurrencies, Blockchain and Games
    • Investment advice
    • Booking as speaker
    • Legal compliance and expert opinions
    • Legal advice in corporate law: from incorporation to structuring
    • Contract review and preparation
  • About lawyer Marian Härtel
    • About lawyer Marian Härtel
    • Agile and lean law firm
    • Focus on start-ups
    • Principles as a lawyer
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Why a lawyer and business consultant?
    • Focus on start-ups
    • How can I help clients?
    • Team: Saskia Härtel – WHO AM I?
    • Testimonials
    • Imprint
  • Videos
    • Video series – about me
    • Information videos – about Marian Härtel
    • Videos on services
    • Blogpost – individual videos
    • Shorts
    • Third-party videos
    • Podcast format
    • Other videos
  • Knowledge base
  • Podcast
  • Blogposts
    • Lange Artikel / Ausführungen
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Labour law
    • EU law
    • Corporate
    • Competition law
    • Copyright
    • Tax
    • Internally
    • Other
  • en English
  • de Deutsch
Kostenlose Kurzberatung