NIS2: Taking information security to the next level

Apr 17, 2024

With increasing digitalization, the use of IoT technology and geopolitical developments, cyber threats against critical infrastructures in our society are increasing. The current NIS directive is no longer adequate, and in October 2024 the European Union will therefore replace it with the Network and Information Security Directive (NIS2), with the goal of increasing Europe's cyber resilience.

Email security: critical to NIS2 and ISO 27001

Email remains one of the most widely used communication channels for organizations and is constantly subject to cyber attacks. Email security therefore plays a crucial role in both NIS2 and ISO 27001. By investing in email security measures, organizations can better guard against cyber attacks and meet the requirements of both.

Email services such as Outlook 365 offer a number of email security features; however, organizations may need additional measures to meet the stringent standards of NIS2. Email security solutions, such as FileCap, can add layers of security and enhance existing email solutions, helping organizations meet NIS2 requirements. FileCap offers a number of additional features, for example encryption and authentication for Outlook 365, to protect sensitive information.

NIS2 directive: what does it mean?

The NIS2 directive aims to raise the level of cyber security in the European Union. It does this by requiring organizations to take appropriate security measures to protect their digital systems. NIS2 will take effect in 2024, while the exact compliance requirements of the NIS2 directive are still being worked out. NIS2 measures include:

  • Conducting risk assessments.
  • Implementing security measures based on those risk assessments.
  • Streamlining incident management.
  • Monitoring compliance.

ISO 27001: A proven standard for information security

ISO 27001 is the internationally recognized standard in the field of information security. Organizations that are ISO 27001 certified demonstrate compliance with the highest standards of information security. More and more organizations are choosing to certify to ISO 27001, in part due to the advent of GDPR and the increasing focus on cybersecurity. Organizations preparing for the arrival of NIS2 by obtaining ISO 27001 certification already meet many of the new requirements in NIS2.

NIS2 and ISO 27001: The main differences

The NIS2 directive and ISO 27001 both focus on information security risk management and require the implementation of appropriate security measures. However, there are some important differences:

  • NIS2 is legislation; ISO 27001 is a standard. This means that compliance with NIS2 is mandatory.
  • Organizations covered by NIS2 are supervised by a competent authority, which can impose enforcement measures for non-compliance with the directive.
  • NIS2 focuses on sectors that are critical to society, such as energy and healthcare. ISO 27001 is relevant to all organizations that handle sensitive information.
  • NIS2 emphasizes technical and organizational measures, while ISO 27001 also provides a broader framework for information security, including processes and management.
  • For many organizations, NIS2 brings with it a new way of working in terms of risk management, security incident reporting, information sharing and auditing, as well as new requirements for information security policies and risk analysis.
  • ISO 27001 enables organizations not directly covered by NIS2 to prepare for future legislative and regulatory requirements and customer and partner expectations.

NIS2 chain security

Another important aspect of NIS2 is chain security. If you as an organization fully comply with all applicable security standards, but a supplier or partner in your chain does not, this can still make your organization vulnerable. Chain security obliges organizations not only to secure their own IT systems, but also to assess and ensure the security of suppliers and partners in the chain.

Does your organization not fall under NIS2? Then consider whether you are part of a chain and could therefore still be confronted with NIS2.

FileCap: more than software

FileCap helps organizations work more efficiently, prevent data leaks and optimize business processes. By securing emails and (large) files, you increase awareness within your organization and reduce the risk of cybercrime. FileCap aligns with the requirements of NIS2 and includes:

  • ISO 27001 certified: Reliable email security solution
  • AES-256 encryption: Powerful security for your files and messages
  • TLS 1.3: Secure data connections
  • PBKDF2 function: Advanced password protection
  • Multi-factor authentication: Additional layer of security
  • User-friendly: Easy to install and use
  • Assign users: Determine who has access to FileCap


With FileCap you protect your organization optimally against cyber attacks and strengthen your digital resilience. We are happy to help you make the right choice for your organization in terms of secure communication. Through our website you can request a no-obligation demo or trial.
