3 questions on… the EU’s NIS-2 directive

Q: Robert, on October 18, 2024, the new NIS-2 directive comes into force across the EU. What is NIS-2 about?

A: The network and information security directive NIS-2 is designed to boost cybersecurity across the EU and protect essential services and industries such as energy, transport, and healthcare from cyber attacks. It builds on an earlier directive but covers many more sectors and therefore more companies than before, requiring them to meet stricter security standards and report any serious cyber incidents. The objective is to ensure that critical infrastructure across Europe is more resilient and that countries work together more effectively to tackle cybersecurity threats. Personally, I think it will take cybersecurity in the EU to a new level. And globally, too, because companies that are based outside the EU but want to do business in the EU single market will also have to comply.

Q: How is TeamViewer preparing for NIS-2?

A: We have done two things to ensure NIS-2 compliance for TeamViewer itself and for our customers. On the one hand, a specialised independent consulting firm has reviewed our products, our own Information Security Management System (ISMS) and our corporate environment. The consultants confirmed that TeamViewer itself is NIS-2 compliant. On the other hand, we made sure that we fully comply with the ISMS requirements for our existing and new customers as of October 18, 2024. Generally, it has really paid off that we have already invested so much in our security measures over the past years. We had already ticked most of the boxes for NIS-2, for example through our existing ISO 27001 certification.

Q: Why is it important for our customers that TeamViewer is NIS-2 compliant? And what do they have to do to prepare themselves?

A: All our customers that do business in the EU and are within the scope of the directive need to ensure that they themselves and their supply chain is designed safely according to the new law. This means that also suppliers, such as software providers, need to adhere to certain regulations, including TeamViewer. Most companies will prepare for NIS-2 based on their own security specifications and for their suppliers as part of an Information Security Management System (ISMS) and will require regular certifications and evidence from the parties in their supply chain.

The good news is TeamViewer is already NIS-2 compliant now. With the right set of security features, our customers can continue to use our products as usual after the regulation comes into force.