● Financial institutions
● Market infrastructure
● Drinking water
● Wastewater
● Digital infrastructure and providers
● Public administration
● Space activities
● Postal services
● Waste management
● Chemical products
● Manufacturing, distribution, and production of food
● Manufacturing and production of pharmaceuticals, electronics, optical equipment, machinery, vehicles
● Healthcare
That can only be said for sure once all national laws have been passed (due date October 2024). Companies may have to comply with more than one national law if they operate (as suppliers) in more than one EU country. However, these laws must at least implement the minimum measures from the directive (Chapter 4, Article 21):
(a) policies on risk analysis and information system security;
(b) incident handling;
(c) business continuity, such as backup management and disaster recovery, and crisis management;
(d) supply chain security, including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers;
(e) security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure;
(f) policies and procedures to assess the effectiveness of cybersecurity risk-management measures;
(g) basic cyber hygiene practices and cybersecurity training;
(h) policies and procedures regarding the use of cryptography and, where appropriate, encryption;
(i) human resources security, access control policies and asset management;
(j) the use of multi-factor authentication or continuous authentication solutions, secured voice, video and text communications and secured emergency communication systems within the entity, where appropriate.
With more than 15 years of experience in nearshoring, we are high-level consultants who speak English and German, thus creating an onshore feeling.