Addressing cybersecurity regulations with Microsoft Security solutions

Last Modified 2024-06-03

The Network and Information Systems 2 (NIS2) Directive is set to be the most comprehensive European cybersecurity directive yet and comes into effect in October 2024. The directive aims to harmonize cybersecurity requirements and their enforcement across member states by setting a benchmark of "minimum measures," which include risk assessments, policies and procedures for cryptography, security procedures for employees who have access to sensitive data, multifactor authentication, and cybersecurity training.

It also directs companies to create a plan for handling and reporting security incidents, and for managing business operations during and after a security incident.

Similarly, the Digital Operational Resilience Act (DORA) is a European Union regulation that comes into effect in January 2025 and aims to strengthen the IT security of financial entities like banks, insurance companies, and investment firms—helping ensure their resilience in the face of severe operational disruptions. It covers aspects like ICT risk management, third-party risk management, digital operational resilience testing, and reporting of major ICT-related incidents to competent authorities.

The following resources are designed to help you understand the scope of NIS2 and DORA and how you can use Microsoft Security solutions to support your customers in becoming compliant with both.