NIS2 Directive

Wimi, a strategic partner for NIS2 compliance

In a context of high and increasingly sophisticated cyber threats, the European NIS2 directive establishes a robust security framework that imposes cybersecurity obligations on operators of essential services (OES) and Operators of Vital Importance (OIV), as well as digital service providers (DSPs). Through transposition into national law, all targeted organizations will need to begin compliance starting from October 17, 2024.

Which organizations are affected by NIS2?

OIV, OES and DSPs (160K+)

€10M maximum financial penalty for non-compliance

15 Sectors Affected

By choosing Wimi as your integrated collaborative suite, you directly benefit from the security best practices recommended in NIS2, via ANSSI’s SecNumCloud qualification, and you get a proven suite that provides cutting-edge technical and legal protection for your data.

NIS 2 imposes obligations and compliance on 4 major themes:

Risk Management

Improved incident management and supply chain security, computer network security, access controls, and encryption.

Corporate Responsibility

Direct responsibility of senior management in sensitive organizations for training, supervision, and approval of the cybersecurity measures taken. Possible sanctions for violations.

Incident Reporting

Essential Entities (OES) and Important Entities (OIV) must ensure the existence of a security incident reporting process, with an obligation to notify within 24 hours.

BCP / DRP (PCA / PRA)

A Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP) are required to address a potential cyber crisis by detailing the procedures and new systems that take over in the event of an incident.

Summary Table: How does a “SecNumCloud” qualified publisher protect your activities from the cyber risks addressed by NIS 2?

Some actors take advantage of market ignorance to “ride the wave” of SecNumCloud. To be NIS2 compliant, be careful not to choose an unqualified publisher! Here are the respective security perimeters of a SecNumCloud qualified actor, an unqualified actor who only has SecNumCloud hosting, and a CSPN software.

| SecNumCloud requirement themes | SecNumCloud publishers, e.g. Wimi (in progress) | Unqualified publishers + SecNumCloud hosting | CSPN software (tied to code security) |
|---|---|---|---|
| Security organization: CISO, security policy; risk management; processes, documentation, updates; asset management, … | ✓ | | |
| Human resources security: contracts, vetting; charters; access control; identity management, … | ✓ | | |
| Security commitments: Security Assurance Plan; audit; information; BCP / DRP (PCA / PRA), … | ✓ | | |
| The software publisher's security processes: access to production environments; backups, restoration; automatic detection of usage anomalies; security incident management, … | ✓ | | |
| Software security (code): cryptology; regular penetration tests; security features (e.g. strong password, MFA, …); continuous developer training, … | ✓ | | ✓ |
| Hosting security (servers): physical and environmental security; centralization of machine logs; segregation of customer data; event analysis and correlation, … | ✓ | ✓ | |
Wimi is a sovereign and secure partner, and a key partner for NIS2 compliance

Wimi is an independent, 100% French company, founded in Paris in 2010. Our SaaS solution is hosted on our own infrastructure, physically located in metropolitan France. We guarantee to our clients that none of their data will be accessible, transferred, or processed outside the European Union, and that the best practices included in SecNumCloud (ANSSI) are followed.

Wimi aims to become the first collaborative suite labeled Cloud de Confiance

The priority of the Government’s Cloud policy is to offer the highest level of protection for the data of public and private organizations. We have shared this vision at Wimi for more than 10 years. The Cloud de Confiance label provides a double level of security (technical and legal) and allows French organizations to benefit from the most secure Cloud solutions on the market.

Questions/Answers about NIS2 and its link with SecNumCloud qualified solutions

Why did the EU propose a new directive on cybersecurity?

The NIS Directive, the EU's first cybersecurity law, aimed to enhance the resilience of networks and information systems against cyber risks. However, the COVID-19 crisis, the war in Ukraine, and the increasing use of digital services have expanded the threat, necessitating new solutions. The Commission identified gaps in the NIS Directive, including insufficient cyber resilience and inadequate common response to new risks.

On what elements of the original NIS Directive is the NIS2 directive based?

NIS2 builds on three main pillars of NIS1: the NIS1 strategy on network and information system security, the need for Member States to adopt a national cybersecurity strategy, and the requirement for a national competent authority in cybersecurity. NIS2 also continues the NIS1 framework by establishing the NIS Cooperation Group and the CSIRT network to support strategic cooperation and information exchange among Member States.

What are the key elements of the NIS2 directive?

NIS2 aims to provide a higher common level of cybersecurity in the EU by extending cybersecurity rules to new digitized and interconnected sectors, eliminating the distinction between essential service operators and digital service providers, and harmonizing sanction regimes.

How will the new NIS2 rules be supervised and enforced?

The supervision and enforcement of NIS2 rely on competent authorities, which will have a coherent framework for supervision and enforcement activities. Measures include regular and targeted audits, on-site and remote checks, information requests, and access to documents or evidence. NIS2 also establishes a consistent sanction framework across the Union.

What are the sanctions for non-compliance with NIS2?

Sanctions for non-compliance with NIS2 may include fines of up to €10 million or 2% of global annual turnover for essential entities, and up to €7 million or 1.4% for significant entities. Competent authorities must consider the specific details of each case when exercising enforcement powers, including the nature and severity of the violation and the incurred damages or losses.

What is SecNumCloud?

SecNumCloud is a qualification from ANSSI (National Cybersecurity Agency of France) that attests to the compliance of a cloud service (IaaS, PaaS, or SaaS) with the highest security requirements in France. This means that Wimi, as a publisher (SaaS qualification) and through its comprehensive and integrated collaborative suite, provides you with a secure, reliable, and resilient collaborative working environment, protecting your data and your customers' data against cyberattacks and extraterritorial laws (e.g., US Cloud Act).

Who is ANSSI?

The National Cybersecurity Agency of France (ANSSI) is a French public agency under the Prime Minister's authority, dealing with national defense and security issues in the field of cybersecurity. It could be compared to a form of "CISO of the French State," being the most qualified authority in protecting information systems and preserving digital sovereignty in France.

How does Wimi, certified SecNumCloud by ANSSI, meet the requirements of NIS 2?

Wimi, as a SecNumCloud qualified service, meets the highest security standards defined by the National Cybersecurity Agency of France (ANSSI). This qualification ensures that Wimi provides a level of security and data protection compliant with the strict requirements of NIS 2, particularly in terms of risk management, critical infrastructure protection, and cybersecurity incident reporting.

How does Wimi ensure data protection in accordance with NIS 2?

Wimi implements a comprehensive security policy, including data encryption in transit and at rest, role-based access management, and continuous system monitoring to quickly detect and respond to potential threats. Additionally, Wimi is committed to following security incident reporting procedures in accordance with NIS 2 directives, ensuring maximum transparency and responsiveness in the event of an incident.

What are the benefits of choosing a SecNumCloud 3.2 certified collaborative suite like Wimi to comply with NIS 2?

Opting for Wimi, qualified SecNumCloud 3.2, offers several advantages, including assurance that the service meets the highest state-of-the-art security standards, better management of cybersecurity risks, and compliance with European and French regulations regarding information system security. This also reassures your clients and partners about the protection of data hosted on your suite and your projects.

How do I open a Wimi account?

It's very simple: visit this page, then follow the steps to create your Wimi account. You will be prompted to choose a Wimi account name, e.g., mycompany.wimi.pro, and then you can start exploring the platform. A member of our team will guide you during your 14-day trial period.

Can I request a demonstration?

Absolutely! Simply visit this page and fill out the form. One of our sales representatives will get back to you shortly to arrange a demonstration session of the sovereign and secure collaborative suite Wimi with one of our Customer Success team members, focusing specifically on security features and SecNumCloud qualification.