NIS2 Directive
Wimi, a strategic partner for NIS2 compliance
Against a backdrop of severe and increasingly sophisticated cyber threats, the European NIS2 directive establishes a robust security framework that imposes cybersecurity obligations on operators of essential services (OES), Operators of Vital Importance (OIV) and digital service providers (DSPs). Through transposition into national law, all targeted organizations will need to begin compliance starting from October 17, 2024.
Which organizations are affected by NIS2?
OIV, OES and DSPs (160K+)
€10M: maximum financial penalty for non-compliance
15 Sectors Affected
By choosing Wimi as your integrated collaborative suite, you directly benefit from the security best practices recommended in NIS2, via the ANSSI SecNumCloud certification (scheduled for 2025), and you get a proven suite that gives your data cutting-edge technical and legal protection.
NIS 2 imposes obligations and compliance on 4 major themes:
Risk Management
Corporate Responsibility
Direct responsibility of senior management in sensitive organizations for training, supervision, and approval of the cybersecurity measures taken. Possible sanctions for violations.
Incident Reporting
Essential Entities (OES) and Important Entities (OIV) must ensure the existence of a security incident reporting process, with an obligation to notify within 24 hours.
BCP / DRP
A Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP) are required to address a potential cyber crisis by detailing the procedures and new systems that take over in the event of an incident.
Summary Table: How does a “SecNumCloud” qualified publisher protect your activities from the cyber risks addressed by NIS 2?
Some actors take advantage of market ignorance to “ride the wave” of SecNumCloud. To be NIS2 compliant, be careful not to choose an unqualified publisher! Here are the respective security perimeters of a SecNumCloud qualified actor, an unqualified actor who only has SecNumCloud hosting, and a CSPN software.
| SecNumCloud Requirement Themes | SecNumCloud Providers, e.g., Wimi (scheduled for 2025) | Non-certified Providers + SecNumCloud Hosting | CSPN Software related to code security |
|---|---|---|---|
| Security Organization | | | |
| Human Resource Security | | | |
| Security Commitments | | | |
| Software Provider’s Security Processes | | | |
| Software Security (Code) | | | |
| Hosting Security (Servers) | | | |
Wimi is a sovereign and secure key partner for NIS2 compliance
Wimi is an independent 100% French company, founded in Paris in 2010. The hosting of our SaaS solution is carried out on our own infrastructure physically located in metropolitan France. We guarantee to our clients that none of their data will be accessible, transferred, or processed outside the European Union, and SecNumCloud (ANSSI) standards are met, with the aim of achieving certification by 2025.
Wimi aims to become the first collaborative suite labeled Cloud de Confiance
The priority of the Government’s Cloud policy is to offer the highest level of protection for the data of public and private organizations. We have shared this vision at Wimi for more than 10 years. The Cloud de Confiance label provides a double level of security (technical and legal) and allows French organizations to benefit from the most secure Cloud solutions on the market.
Questions/Answers about NIS2 and its link with SecNumCloud qualified solutions
Why did the EU propose a new directive on cybersecurity?
The NIS Directive, the EU's first cybersecurity law, aimed to enhance the resilience of networks and information systems against cyber risks. However, the COVID-19 crisis, the war in Ukraine, and the increasing use of digital services have expanded the threat, necessitating new solutions. The Commission identified gaps in the NIS Directive, including insufficient cyber resilience and inadequate common response to new risks.
On what elements of the original NIS Directive is the NIS2 directive based?
NIS2 builds on three main pillars of NIS1: the NIS1 strategy on network and information system security, the need for Member States to adopt a national cybersecurity strategy, and the requirement for a national competent authority in cybersecurity. NIS2 also continues the NIS1 framework by establishing the NIS Cooperation Group and the CSIRT network to support strategic cooperation and information exchange among Member States.
What are the key elements of the NIS2 directive?
NIS2 aims to provide a higher common level of cybersecurity in the EU by extending cybersecurity rules to new digitized and interconnected sectors, eliminating the distinction between essential service operators and digital service providers, and harmonizing sanction regimes.
How will the new NIS2 rules be supervised and enforced?
The supervision and enforcement of NIS2 rely on competent authorities, which will have a coherent framework for supervision and enforcement activities. Measures include regular and targeted audits, on-site and remote checks, information requests, and access to documents or evidence. NIS2 also establishes a consistent sanction framework across the Union.
What are the sanctions for non-compliance with NIS2?
Sanctions for non-compliance with NIS2 may include fines of up to €10 million or 2% of global annual turnover for essential entities, and up to €7 million or 1.4% for significant entities. Competent authorities must consider the specific details of each case when exercising enforcement powers, including the nature and severity of the violation and the incurred damages or losses.
What is SecNumCloud?
SecNumCloud is a qualification from ANSSI (National Cybersecurity Agency of France) that attests to the compliance of a cloud service (IaaS, PaaS, or SaaS) with the highest security requirements in France. This means that Wimi, as a publisher (SaaS qualification) and through its comprehensive and integrated collaborative suite, provides you with a secure, reliable, and resilient collaborative working environment, protecting your data and your customers' data against cyberattacks and extraterritorial laws (e.g., US Cloud Act).
Who is ANSSI?
The National Cybersecurity Agency of France (ANSSI) is a French public agency under the Prime Minister's authority, dealing with national defense and security issues in the field of cybersecurity. It could be compared to a form of "CISO of the French State," being the most qualified authority in protecting information systems and preserving digital sovereignty in France.
How does Wimi, aiming for ANSSI's SecNumCloud certification by 2025, meet the requirements of NIS 2?
Wimi, as a service aiming for SecNumCloud qualification by 2025, meets the highest security standards defined by the National Cybersecurity Agency of France (ANSSI). This qualification ensures that Wimi provides a level of security and data protection compliant with the strict requirements of NIS 2, particularly in terms of risk management, critical infrastructure protection, and cybersecurity incident reporting.
How does Wimi ensure data protection in accordance with NIS 2?
Wimi implements a comprehensive security policy, including data encryption in transit and at rest, role-based access management, and continuous system monitoring to quickly detect and respond to potential threats. Additionally, Wimi is committed to following security incident reporting procedures in accordance with NIS 2 directives, ensuring maximum transparency and responsiveness in the event of an incident.
What are the benefits of choosing a collaborative suite aiming for SecNumCloud 3.2 certification by 2025, like Wimi, to comply with NIS 2?
Opting for Wimi, with SecNumCloud 3.2 qualification scheduled for 2025, offers several advantages, including assurance that the service meets the highest, state-of-the-art security standards, better management of cybersecurity risks, and compliance with European and French regulations regarding information system security. This also reassures your clients and partners about the protection of data hosted on your suite and your projects.
How do I open a Wimi account?
It's very simple: visit this page, then follow the steps to create your Wimi account. You will be prompted to choose a Wimi account name, e.g., mycompany.wimi.pro, and then you can start exploring the platform. A member of our team will guide you during your 14-day trial period.
Can I request a demonstration?
Absolutely! Simply visit this page and fill out the form. One of our sales representatives will get back to you shortly to arrange a demonstration session of the sovereign and secure collaborative suite Wimi with one of our Customer Success team members, focusing specifically on security features and SecNumCloud qualification.