DITB companies: what are the NIS2 recommendations for data cybersecurity?

Nov 7, 2023 | News

The Network and Information Systems Security Directive (NIS2) is a European Union regulation aimed at strengthening cybersecurity in critical sectors, including Defense Industrial and Technological Base (DITB) companies and defense contractors. NIS2 aims to guarantee a high level of security for networks and information systems within the European Union. In this article, we present some of the key NIS2 recommendations on data cybersecurity for DITB companies.

1. Risk management and incident reporting

Risk management: NIS2 encourages companies to implement effective cybersecurity risk management. This involves identifying, assessing and managing potential risks to data and information systems.

Incident reporting: The directive requires DITB companies to report serious cybersecurity incidents to the relevant national authorities. Prompt notification of such incidents is essential to enable a coordinated response.

2. Technical and organizational security measures

DITB companies are encouraged to implement appropriate technical and organizational measures to protect their networks and information systems. This may include:

  • Access management: NIS2 calls for effective management of access rights to ensure that only authorized people have access to critical data and systems.
  • Other measures include firewalls, intrusion detection systems and data encryption.

3. Training and awareness-raising

DITB companies are encouraged to raise their staff's awareness of cybersecurity, and to provide adequate training to ensure that employees understand cybersecurity risks and best practices.

4. Security certification

NIS2 introduces certification mechanisms for cybersecurity-related products, services and processes. DITB companies are encouraged to obtain security certifications to demonstrate compliance with recognized cybersecurity standards.


NIS2 encourages collaboration between companies in the DITB sector, national authorities and other relevant players in the field of cybersecurity. This includes sharing information on threats and vulnerabilities, and cooperating to strengthen the sector's resilience.

It is important to note that implementation of NIS2 may vary from one EU country to another, as member states have some flexibility in how they transpose the directive into their national legislation. DITB companies must comply with the specific requirements of their country, while respecting the general principles of NIS2 to strengthen the cybersecurity of data and information systems.

