EIF 2024 Review - Cybersecurity CRA & NIS2

By Thomas Menze and Constanze Schmitz

ARC’s European Industry Forum, part of the successful series of worldwide conferences in Europe, America and Asia, was held in Sitges (Barcelona), Spain, on May 6-8, 2024. The event offered its 150 international participants from over 20 countries exclusive presentations and workshops on strategies and case studies in line with this year’s topic, “Managing Digital Transformation in the Age of AI, Open Architectures, and Sustainability”.

Cybersecurity: CRA & NIS2 panel
According to the cybersecurity panel discussion, the “Network and Information Security 2” (NIS2) directive is a significant step towards enhancing industrial cybersecurity in the European Union. It introduces a range of obligations on manufacturers, importers, distributors, and other stakeholders in the digital ecosystem, including automation system suppliers.

Automation system suppliers will need to ensure their products comply with the new regulations. They will also need to conduct cyber risk assessments before a product is placed on the market. In addition, suppliers will face further due diligence requirements regarding their third-party suppliers of components, especially where those components may impact the overall security of the device.


NIS2 introduces stricter penalties for non-compliance, including fines of up to 10% of an entity’s annual turnover. For entities defined as “critical”, Member States are required to impose a fine of 10 million euros or 2% of global annual turnover.

To ensure compliance with the NIS2 directive, automation suppliers can take several steps. They can establish a single, centralized governance structure for their company security, educate their staff about the NIS2 directive and its implications, assess their current security measures and identify areas for improvement, and determine which of their partners and suppliers will be affected by the NIS2 directive.

End users are expected to become more aware of the cybersecurity measures in place for the digital products they use, and to manage their own responsibilities as system operators. System integrators will need to ensure that the systems they integrate comply with the new cybersecurity standards, and to conduct cyber risk assessments before their solution is placed on the market. It is therefore crucial for end users and system integrators to stay informed about the NIS2 directive and its implications, and to adopt best practices for cybersecurity governance, awareness training, security health checks, and supply chain security.

ARC’s European Industry Forum & Platform
We would like to thank our sponsors, who supported the ARC EIF 2024, and all our speakers and presenters, who made the event interesting, exciting and memorable. The next Forum will take place in Sitges (Barcelona), Spain, on May 5 – 7. For more information, please contact Ann-Kathrin Blech (ablech@arcweb.com).

