The last day of October has arrived and that means Cybersecurity Month is almost at an end. Of course, we at Poelmann van den Broek remain actively engaged in cybersecurity legislation and are ready to support you in applying this new legislation. After all, it remains a topical issue. To further help you as business owner , Niels van den Bogaard wrote the blog below. As a business owner or group director you are most likely aware of the arrival of the NIS2/cybersecurity law. Do you think you are not covered by it, as these rules 'are only for essential and important entities such as energy companies and car manufacturers'? If so, you may well be wrong in that. Read on!
Date: Oct. 31, 2024
Modified October 31, 2024
Written by: Niels van den Bogaard
Reading time: +/- 3 minutes
It is not unusual for parent companies within a group to offer IT services to their subsidiaries. Examples include managing servers, networks and security systems. What is often overlooked, however, is that these services, although provided internally, may qualify as "managed services" under the NIS2 Directive. This means that the parent company must meet the same strict requirements as external providers of such services.
This poses significant risks:
There are some concrete steps you can take to prevent your parent company from being considered a "managed services provider" under NIS2:
The NIS2 Directive and the Cybersecurity Act present new challenges for groups in which parent companies provide IT services to their subsidiaries. By proactively taking the steps listed above, you can minimize the risks of unwanted classification as a "managed services provider."
Do you have questions about the impact of NIS2 on your organization or want to know how to prepare for it? If so, please contact our specialists. Our team of experts is ready to guide you through this complex legal landscape.