What you need to know about the EU’s new NIS 2 Directive and DORA – and how Salto fits in

Keeping up with regulatory changes helps organisations stay safe in a rapidly evolving cybersecurity landscape.

In the realm of cybersecurity, safeguarding critical infrastructure and ensuring operational resilience have never been more essential. Recognising the growing complexity of cyber threats, the European Union has introduced legislative measures like the Network and Information Security Directive and the Digital Operational Resilience Act to establish stringent cybersecurity standards. Salto’s smart access and identity management solutions are designed to support organisations in achieving compliance with these vital frameworks, offering robust security and operational continuity.

Here is a comprehensive guide to navigating these directives and ensuring your organisation's cybersecurity readiness.

Understanding the NIS 2 Directive

The Network and Information Security Directive (NIS 2), effective as of October 18th, sets a high common level of cybersecurity for companies operating across the EU. Expanding on its predecessor, the NIS Directive, it emphasises enhanced security measures for network and information systems, as well as improved incident reporting protocols.

NIS 2 mandates that European companies which fulfill certain conditions adopt technical, operational, and organisational measures to manage cybersecurity risks effectively. The Directive covers companies within 18 sectors, including energy and critical infrastructures, finance, healthcare, manufacturing facilities, and public infrastructure.

Conducting a comprehensive risk assessment is the first step toward aligning processes with the requirements of NIS 2. This involves identifying and evaluating potential cyber threats that could impact business operations. Other key aspects of NIS 2 compliance include:

1. Identity management, authentication, and access: This requirement encompasses a broader set of entities, including suppliers, with varying size thresholds.
2. Data security: This element imposes stringent security measures to mitigate risks and protect systems from cyber threats.
3. Quick detection and response to cyber incidents: NIS 2 calls for timely reporting of cybersecurity incidents to designated authorities.
4. Continuous security monitoring: Companies are required to ensure security standards are upheld at all times.

What is DORA?

The Digital Operational Resilience Act (DORA), effective from January 2025, focuses on strengthening IT security within the financial sector. Covering 20 types of financial entities – including banks, insurance firms, and ICT third-party service providers – DORA harmonises operational resilience rules to ensure that the sector can withstand severe operational disruptions.

DORA’s scope extends beyond mere protection. It highlights the need for consistent operational continuity and preparedness across financial institutions and their IT service providers. Key aspects of DORA compliance include:

1. ICT risk management: DORA requires institutions to prepare comprehensive resilience testing programs for all digital operations.
2. Incident reporting: This feature compels companies to report ICT incidents affecting operations to financial authorities and all affected parties.
3. Third-party risk management: With this aspect, organisations must develop a regularly updated strategy for minimising third-party risk, including contractual agreements and monitoring.
4. Information sharing: Entities operating in the financial sector must transparently share information about vulnerabilities and cyber threats.

Guarantee NIS 2 and DORA compliance with Salto smart solutions

Salto’s wide-ranging access control solutions secure environments from offices to data centers and critical infrastructure. As such, we’re uniquely positioned to help our clients and partners meet NIS 2 and DORA standards. Salto smart access and identity management solutions provide the following capabilities aligned with NIS 2 and DORA requirements to simplify the journey to compliance:

• Enhanced access control: Delivering advanced solutions for secure sensitive areas ensures that only authorised personnel gain entry. Organisations can restrict access to specific zones, define time-based schedules, and use various access methods, including smart cards and fobs, mobile access, keypads, and biometric authentication.
   
• Salto’s ID Visitor Management solution: This enhances access control systems for NIS 2 compliance, boosting security and accountability for all on-site visitors. Providing digital registration allows visitors to access authorised areas only, supported by features like real-time notifications and personalised visitor badges.
   
• Comprehensive audit trails: To meet NIS 2 and DORA requirements, organisations must maintain detailed records of access events. Our smart solutions automatically generate thorough logs and audit trails, giving your company a powerful tracking system that records who accessed specific doors and at what times. This reinforces compliance and accountability in the event of incidents.
   
• Resilient access control and state-of-the-art electronics locking solutions: Reflecting DORA’s emphasis on operational continuity, Salto’s intelligent access control solutions keep critical access points secure and functional, even during power outages or network failures. This reliability enables your organisation to maintain security seamlessly through unexpected disruptions.
   
• Multi-factor authentication (MFA): This technology provides an added layer of security by necessitating multiple verification steps beyond traditional passwords. Salto’s smart access solutions integrate MFA protocols into existing security systems, fortifying your organisations’ defenses against cyber threats.
   
• End-to-end authentication solutions: Ensure secure access to applications, networks, and access control management platforms and operators. Salto’s solutions deliver secure credentials on physical and mobile devices, guaranteeing seamless user authentication.

Get ready for NIS 2 and DORA: Securing tomorrow

Security is at the core of Salto’s operations. As one of the world’s leading access control providers, we embed privacy and safety into every aspect of our products and services. In the face of evolving cyber threats and regulatory demands, we’re dedicated to ensuring that our smart access technologies and solutions comply with these heightened security standards.

Cultivating a culture of continuous security improvement is key to maintaining NIS 2 and DORA compliance. At Salto, we proactively embrace NIS 2 and DORA requirements to develop cutting-edge smart access solutions you can rely on. By leveraging our innovative solutions, organisations can fortify their cybersecurity posture and navigate the complex landscape with confidence. Download a copy of Salto’s NIS 2 Directive and DORA Compliance guide today, and start propelling your company toward robust security industry compliance and operational resilience.

Download a copy of Salto’s NIS 2 Directive and DORA Compliance guide today, and start propelling your company toward robust security industry compliance and operational resilience.