Two EU directives made simple – NIS2 and CER

Two EU directives

What is Directive on the Resilience of Critical Entities (CER) and how does it relate to NIS2?

CER will affect almost everyone working with Microsoft 365 in Europe, while NIS2 is especially relevant for those of you who work with cloud security. In this artcile we will try to tell you why.

CER is a EU directive coming into effect on the 18th October 2024 to strengthen the resilience of critical infrastructure within EU (and EEA). Within July 2026 critical entities will be identified and notified. If you are considered a critical entity you will then have till mid-July 2027 to perform risk assessments and prove compliance to the directive.

The Directive aims to make supply of energy, drinking water, health services, banking, transport, food, and more, less vulnerable to threats. Threats can be everything from natural hazards, pandemics to cyber attacks – unlike NIS2, which focus only on cybersecurity.

If you are a Critical Entity (e.g. providing services within the areas above), you will have three main tasks:

  1. Perform a risk assessment of your Microsoft 365 tenant and other vital IT infrastructure.
  2. Implement appropriate measures, if necessary.
  3. Be prepared for events by having an Incident response plan, which must include incident notification should an incident occur that affects (or might affect) your delivery of essential services.

Why should you care? The directive is mandatory for business that are identified. In addition to caring about your business being able to deliver your services, you should also be aware of hefty fines for not complying to the directive.

What do I need to do? You should already now start to prepare your IT infrastructure to be in compliance with the directive. The Proactive Security Monitoring from CloudWay Services can assist you with that, and is a good place to begin!

Recent Services Blogs
Recent News
Recent Blogs
Scroll to Top