Energy startup blueprint via NIS2 platform website

The European Union (EU) has unveiled a new project aimed at strengthening cybersecurity in the power sector, with a particular focus on helping start-ups and Small and Medium-sized Enterprises (SMEs) meet the requirements of the NIS2 directive.

The NIS2 directive, a uniform legal framework for maintaining cybersecurity in 18 critical sectors across the EU, seeks to protect network and information systems from cyber threats and attacks. The project's duration is from September 2022 to July 2025.

The NIS2 Roadmap, a practical guide for energy start-ups and SMEs, offers concrete recommendations for action in areas such as procurement, asset management, incident readiness, crisis communication, risk management, and secure software. The Roadmap was developed in cooperation with intcube GmbH, the Society for Computer Science e.V., and Cyber Policy House BV.

The Roadmap is based on mentoring sessions with seven start-ups and SMEs in the energy sector. It is designed to be barrier-free, meaning it is accessible to all users. The main topics covered include digitalization, overall system, legal framework, driving digitalization & innovation, and security.

One of the key objectives of the project is to unite the industries for power, digital, and cybersecurity. This collaboration was initiated by parties partly from the industry, with political stakeholders joining quickly and becoming shareholders. Gelsenwasser AG's involvement in cybersecurity in critical infrastructure sectors like water management, which is closely related to energy infrastructure security, is a prime example of this collaboration.

The NIS2 directive is currently being transposed into German law. The Roadmap, available as a 1.92 MB pdf on the website, serves as an orientation for companies, strengthening security awareness, and offering guidance on how to implement the NIS2 directive effectively.

Start-ups and SMEs may face NIS2 requirements, even if they have fewer than 50 employees and are part of the supply chain of larger, NIS2-regulated companies. Therefore, the NIS2 Roadmap is a valuable resource for these companies, providing them with the necessary tools to enhance their cybersecurity measures and contribute to a safer and more secure digital future.