In an era of increasing cyber threats and rapid digital transformation across industries, the European Union has introduced a new cybersecurity framework — the NIS 2 Directive (in Bulgarian, МИС 2 – the Network and Information Systems Directive). The goal is to strengthen the resilience and security of critical infrastructure, digital service providers, and IT organizations across the EU, including Bulgaria.
With NIS 2 now in force, businesses in various sectors must meet stricter cybersecurity requirements. This article explains what the Network and Information Systems Directive entails, which companies are affected, what measures must be taken, and why it’s essential to act now.
NIS 2, or Network and Information Security 2, is the updated version of the original NIS Directive, first introduced in 2016. It was the EU’s first piece of legislation focused specifically on cybersecurity. The updated MIS 2 directive significantly expands the scope of regulation, introduces clearer responsibilities for management, and enforces tougher penalties for non-compliance.
The objectives of NIS 2 are to ensure a high common level of cybersecurity across the EU by:
- Expanding its coverage to include more sectors and businesses.
- Setting minimum cybersecurity risk management requirements.
- Mandating incident reporting procedures.
- Encouraging cooperation and information sharing among Member States.
Under MIS 2, the number of entities covered by the regulation has increased substantially. In addition to operators of essential services (such as energy, transportation, and healthcare), many private companies in Bulgaria are now included, such as:
- Cloud service providers
- Financial and consulting firms
- E-commerce platforms storing customer information
If your business is classified as an “essential” or “important” entity under Network and Information Security 2, you must comply with the Network and Information Systems Directive.
According to MIS 2, affected companies are obligated to implement the following security measures:
- Establish internal policies for identifying and minimizing cyber risks.
- Use multi-factor authentication and encrypt sensitive data.
- Create clear procedures for handling cybersecurity breaches.
- Report major incidents to national authorities (in Bulgaria, the Communications Regulation Commission) within 24 hours.
- Raise awareness and train staff to recognize and prevent cyber threats.
- Ensure your suppliers also comply with NIS 2 security standards.
MIS 2 comes with severe consequences for failure to comply. Organizations can face fines of up to €10 million or 2% of annual global turnover, whichever is higher. This underscores the EU’s serious stance on cybersecurity and the enforcement of the Network and Information Systems Directive.
Beyond financial penalties, a cyberattack can result in:
- Leakage of sensitive information
- Reputational damage and potential lawsuits
- Assess Risk and Scope – Determine whether your company falls under MIS 2 obligations.
- Conduct an Internal Audit – Review your current cybersecurity status and identify vulnerabilities.
- Develop a Compliance Plan – Set specific actions to align with the directive.
- Partner with Professionals – Work with cybersecurity experts who understand Network and Information Security 2.
- Train Your Team – Invest in ongoing training to reduce human error and improve threat awareness.
NIS 2, or MIS 2, is no longer a future concern — it’s a current reality. Thousands of Bulgarian businesses will be impacted. The requirements are not just regulatory checkboxes; they are critical to operating safely in today’s digital landscape.
Start preparing now to avoid penalties and protect your organization from evolving cyber threats. With TouchPoint as your trusted partner in Network and Information Security 2, you can ensure full compliance and peace of mind.