Mobile menu
Octopart
Resources Octopart Overview of the European NIS2 Directive

Overview of the European NIS2 Directive

Laura V. Garcia
|  Created: December 4, 2024
European NIS2 Directive Overview

NIS2 is a new EU directive you need to pay attention to.

While there's no denying that digitalization has made for more efficient internal and external processes, easing the movement of goods and minimizing costs, it's this very reliance on interconnected digital systems that has left manufacturers—and their value chains—vulnerable to an unprecedented level of cybersecurity threats as cybercriminals increasingly target vulnerabilities within the supply chain. 

The European Union has once again addressed this area of deep concern through the Network and Information Security Directive NIS2, taking legal measures to bolster cybersecurity defenses across a broader range of sectors, introduce executive accountability, make companies responsible for their supply chains, and implement significant financial penalties for non-compliance.

Let's explore how the NIS2 Directive sets new standards for cybersecurity and what it means for you and your business partners.

The Rising Threat Of Cybersecurity in the PCB Industry

As the capabilities of our adversaries mature, so must our response.

According to CrowdStrike's Global Threat Report 2024, in 2023, the technology sector was the most frequently targeted industry for interactive intrusion activity, and the telecommunications sector was the second most targeted industry.

As key components in almost all electronic devices, PCBs are crucial assets in these and many other vital industries such as aerospace, automotive, and healthcare; any disruption in PCB supply chains caused by cyber threats has the potential to ripple across entire sectors, causing costly delays and operational standstills. However, over the past decade, manufacturing has been transformed by what's been labeled as Industry 4.0 and digital innovations like digital twins, robotics, AI, cloud computing, and the Industrial Internet of Things (IIoT). While these advancements enhance growth and efficiency, they also increase the sector's exposure to cyber threats, offering new entry points for cybercriminals to exploit.

Other factors heightening cybersecurity risks in manufacturing include insufficient employee training, where a lack of awareness may lead to weak passwords or vulnerability to phishing attacks. Additionally, reliance on outdated systems without modern security features creates cyber risks, as do complex supply chains with numerous third-party partners that present multiple entry points for hackers. The highly competitive nature of the industry and its reliance on data-driven operations also increases the likelihood of intellectual property theft or data breaches.

Cyber threats can take many forms, including supply chain attacks, ransomware, intellectual property theft, and production sabotage, and introduce significant financial, strategic, and reputational risks.

Common Types of Cyber Attacks in Manufacturing

Common types of cyber attacks in manufacturing and how they work:

  • Ransomware attacks: Malicious software ("malware") that restricts access to a computer system or files until a ransom is paid.
  • Phishing attacks: Deceptive emails, websites, or messages designed to trick individuals into disclosing sensitive information.
  • Whaling campaigns: Sophisticated phishing attacks targeting high-ranking individuals within an organization.

What does this look like in reality? Through a ransomware attack, bad actors may halt production entirely, with losses cascading both up and down the supply chain. The exposure of proprietary PCB designs through data breaches could lead to possible market losses and competitive disadvantages.

As a recent example of the very real threat cybersecurity poses to the industry, U.S.-based semiconductor supplier Microchip Technology has confirmed that a recent ransomware attack led to the theft of personal information and other data from its systems. The company reported the incident on August 20, notifying the U.S. SEC that some servers and business operations were affected. However, they managed to contain the attack by isolating the impacted systems.

Common Types of Cyber Attacks in Manufacturing

Understanding The NIS2 Directive

An extension of the NIS Directive that was introduced in 2016, which primarily targeted sectors of critical infrastructure, like energy and transport, NIS2 widens the scope of the original regulatory framework, requiring organizations across a broader range of industries to adopt them, a response to the increased maturity and intensity of today's cybersecurity landscape.

Key aspects of the directive you need to be paying to include:

  • Expanded Scope: Unlike its predecessor, the NIS2 Directive includes a broader array of sectors, expanding from core infrastructure industries to a range of manufacturing sectors, including PCB manufacturing, which is classified under the "essential" sector category. The goal is to protect entities that provide services critical to economic and social activities.
  • Stricter Security Requirements: NIS2 enforces more robust cybersecurity measures by mandating that organizations implement procedures for detecting and handling cyber incidents while ensuring business continuity, including incident prevention, risk management, and incident response requirements.
  • Enhanced Supply Chain Security: Regulated in Article 21(2)(d), one of the most important elements of the NIS2 Directive for manufacturers introduces standards for assessing the cybersecurity posture of suppliers. Under this provision, key and essential entities must implement appropriate and proportionate technical, operational, and organizational measures to safeguard supply chain security.
  • Incident Reporting Obligations: Under NIS2, organizations are now required to report incidents to national authorities, imposing a 24-hour deadline for initial reporting and further updates within 72 hours.
  • Accountability and Governance: Adding a new level of responsibility for company executives, under NIS2, organizations must appoint a designated officer or manager responsible for cybersecurity, and senior management can be held accountable for non-compliance. 
  • Sanctions for Non-Compliance: The NIS2 Directive allows for significant financial penalties for non-compliance. These penalties vary but can reach up to €10 million or 2% of the company's global turnover, creating a compelling economic incentive to adhere to the standards.
Understanding The NIS2 Directive

What NIS2 Means For Your Supply Chain

By setting more stringent cybersecurity standards across integral industries, the NIS2 Directive presents both an opportunity and an obligation for PCB manufacturers to meet heightened cybersecurity standards and create more resilient supply chains while doing so.

Here are some specific impacts of the directive on PCB manufacturing supply chains:

Heightened Cybersecurity Standards

The NIS2 directive mandates that PCB manufacturers meet a rigorous set of cybersecurity requirements, including creating and maintaining strong security frameworks, from regular vulnerability assessments to implementing multi-factor authentication and encryption protocols.

Organizations will need to ensure they have mechanisms and budgets in place to continually identify, assess, and mitigate cyber risks, a commitment that may require hiring dedicated cybersecurity personnel, investing in advanced threat detection tools, and creating security operation centers (SOCs) to monitor network activity. For those who previously allocated limited resources to cybersecurity, it's a shift that must be carefully planned for.

Increased Supply Chain Visibility and Transparency

The directive's goal of increased supply chain security will require increased supplier and partner transparency and may require manufacturers to conduct security audits and assessments across the supply chain to ensure compliance with NIS2 requirements.

PCB manufacturers may need to have third-party vendors demonstrate their security practices, something that may cause friction with suppliers and lead to more strategic decision-making to ensure compliance, especially if suppliers are unwilling or unable to meet the directive's standards.

More Rigorous Incident Reporting Protocols

PCB manufacturers are required to report significant cybersecurity incidents to national authorities within 24 hours and provide further updates within 72 hours. As manufacturers well know, shortening time-to-action minimizes impacts. Although it may raise concerns about reputational damage, incident reporting is essential for limiting potential damages.

To meet these reporting requirements, manufacturers need robust incident detection, classification, and escalation processes. Having a streamlined incident response plan in place can prevent breaches from escalating and limit the impact on the overall supply chain.

Executive Accountability and Risk Management Culture

One of the NIS2 Directive's most impactful changes is the requirement for executive accountability in cybersecurity compliance. Top-level executives in PCB manufacturing firms must now be informed and involved in cybersecurity planning and response strategies.

This shift underscores the importance of embedding cybersecurity into the corporate governance structure. Executives need to be educated on cyber risks and encouraged to support cybersecurity initiatives. In turn, the directive emphasizes a "cybersecurity culture," where employees at all levels are trained in best practices, threat awareness, and safe digital behavior.

Penalties and the Cost of Non-Compliance

With penalties of up to €10 million or 2% of a company's global revenue, the financial repercussions of non-compliance with the NIS2 Directive are hefty, and for many PCB manufacturers, they pose a serious threat. Organizations can face severe consequences for failing to meet legal obligations. Companies should take a proactive stance that exploits the opportunity to differentiate and invest in compliance not only as a regulatory obligation but as a cost-saving, brand-enhancing measure.

Beyond the fines, reputational damage could be substantial, especially for manufacturers working with sensitive or high-profile clients. Non-compliance or significant cybersecurity breaches could result in a loss of consumer and partner trust and, ultimately, risk your long-term viability and growth.

What NIS2 Means For Your Supply Chain

How to Comply with the NIS2 Directive

Compliance with the NIS2 Directive requires strategic planning and resource allocation. Here are a few steps PCB manufacturers should consider:

Conduct Cybersecurity Risk Assessments: To help create a targeted cybersecurity strategy and address high-risk areas first, start with a comprehensive cybersecurity risk assessment to identify potential vulnerabilities. 

Develop a Robust Supply Chain Security Strategy: Work closely with suppliers to evaluate their cybersecurity practices and set an action plan to address any concerns. Establish contractual obligations for compliance with cybersecurity standards and require regular reporting on security posture.

Implement Advanced Incident Detection and Response Systems: Invest in systems that provide real-time threat detection and response systems. Establish incident response protocols that allow for swift action and compliance with reporting requirements.

Train Executives and Employees on Cybersecurity Best Practices: Implement a robust training program that involves not only technical staff but also executives and all employees. Building a "cyber-aware" culture can reduce human errors and bolster overall cybersecurity. If you're looking for more help in this area, The World Economic Forum offers a playbook for building a culture of cyber resilience in manufacturing.

Establish Clear Governance and Accountability: Appoint a cybersecurity officer or establish a cross-functional team responsible for cybersecurity compliance. This team should regularly report to the executive board, providing updates on compliance, risks, and incident management.

A More Resilient, Secure PCB Supply Chain

Although compliance may be a hurdle that requires substantial commitment, investment, and adaptation, the upside is a more transparent, secure, and resilient PCB supply chain.

To help put the effort and costs into perspective, Applied Material's 2023 supply chain incident was estimated to have cost the company $250 million.

The importance of cybersecurity in modern times is not undermined by customers and clients and shouldn't be jeopardized by your supply chain. By proactively addressing their vulnerability points and ensuring compliance with the NIS2, companies can not only mitigate the risks of disruption but differentiate themselves as reliable, trusted partners that are doing their part in ensuring the stability and security of the global PCB supply chain.

About Author

About Author

Laura V. Garcia is a freelance supply chain and procurement writer and a one-time Editor-in-Chief of Procurement magazine.A former Procurement Manager with over 20 years of industry experience, Laura understands well the realities, nuances and complexities behind meeting the five R’s of procurement and likes to focus on the "how," writing about risk and resilience and leveraging developing technologies and digital solutions to deliver value.When she’s not writing, Laura enjoys facilitating solutions-based, forward-thinking discussions that help highlight some of the good going on in procurement because the world needs stronger, more responsible supply chains.

More content by Laura V. Garcia

Related Resources

Allocation in the Semiconductor Industry What Is Allocation in the Semiconductor Industry? From silicon to supply chain: In this article, I’ll give you a better understanding of allocation in the semiconductor industry. Read Article
Seven Deadly Sins of Negotiating The Seven Deadly Sins of Negotiating Negotiation misjudgments are often more crucial than brilliant strategies. Like the infamous Seven Deadly Sins, there are key mistakes that can doom you. Are you guilty of making any of these fatal errors? 1. Pride - Failing to Adapt Your Style Why It's a Sin: Pride in your own approach can prevent you from adapting to different negotiation scenarios and counterparts. When you rigidly stick to one style, you may fail to see that each negotiation Read Article
Procurement Under Pressure Cost Reduction Targets Procurement Under Pressure: Challenging the CFO’s Focus on Cost Reduction Targets You know you're in procurement when you hear "cost reduction" more often than "good morning." Each quarter, you face a new set of cost-cutting goals from the CFO, often disconnected from the realities of sourcing and supply chain complexities. It's like being in a never-ending episode of "The Price Is Right," except nobody's winning. Let's talk about how to change the script. Understanding the CFO's Perspective (Yes, They Have Challenges Too) Read Article
Guide to Transforming Procurement Beyond Cost Reduction: A Rebel's Guide to Transforming Procurement Enough with the outdated fixation on cost savings. Modern procurement approaches center on innovation, risk management, and sustainability but some companies just aren't there yet. Respect your stakeholders, but don't let their authority alone determine what is important. Question everything and push back on out-of-date practices. If you do it right, they'll thank you. Your New Superpower: "Influence Without Authority" Need to sway a decision or Read Article
What Is an RJ-45 Connector What Is an RJ-45 Connector? A registered jack 45 (RJ-45) is the most common connector in wired networks. Understanding the basics of these connectors is a must for anyone working with Ethernet or LAN networks. RJ-45 connectors are the industry standard for creating stable, high-speed network connections. Knowing how they work, how to wire them, and the different types available is essential for engineers, IT professionals, and DIY enthusiasts. Join us as we explore RJ-45 Read Article
Integrated Circuits What Are Integrated Circuits? Electronic integrated circuits (ICs) are known by various names, such as microchips, computer chips, or compact electronic chips. Whatever you call them, these mini powerhouses are the driving force behind many of the devices we rely on daily, including computers, smartphones, and televisions. But what exactly are integrated circuits, and why are they so important? Come with us as we explore what integrated circuits are, the different types Read Article
Compliance Success For Long Lifecycle Products Compliance Success For Long Lifecycle Products While it is true that for industries requiring high-reliability printed circuit boards (PCBs), such as aerospace, medical, and automotive, compliance success may be paramount, when designing for extended lifecycle use, the challenges of compliance are intensified—changing regulatory landscapes, material obsolescence, and complex, interdependent supply chains make compliance success hard. Luckily, by integrating the right tools to better manage Read Article
India vs China Manufacturing Looking Into the Future – Can India Take China’s Crown in Manufacturing? India and China, two of the world's most populated countries, have both been on the radar for their potential in the global manufacturing sector. China has long held the crown as the "world's factory" with a robust manufacturing sector and a well-established supply chain. However, India is now actively working to expand its industrial footprint, raising the question: Can India Take China's' Crown in Manufacturing? As India positions itself as a Read Article
Workforce Skills Gaps The Big Challenges Driving Today's Workforce Skills Gaps Why such an intense focus on domesticating PCB supply chains? Well, for civilians, a chip runs their daily electronics and automobiles, an important role for sure, but for the U.S. military, smart chips make smart bombs. However, despite its criticality, revitalizing the U.S. PCB industry requires much more than just investments in infrastructure; it requires a complete overhaul of the workforce. Employers and their partners must equip their Read Article
What Is an RJ45 Port on a PCB? What Is an RJ45 Port on a PCB? Ever since the introduction of Ethernet, the RJ-45 port (or RJ-45 jack) has become the standard for connecting wired LANs in commercial settings. When used on PCBs and in panel-mount versions, these connectors come in two common formats: magjack and non-magjack, and there are some specialized connector options that provide superior ingress protection ratings. While a common usage is in home networking equipment, today, it's common to see an Read Article

Related Technical Documentation

Tutorial - Searching for and Acquiring the Components in Altium Designer Tutorial - Searching for and Acquiring the Components in Altium Designer

Explore Altium Designer 24 technical documentation for Searching for and Acquiring the Components and related features.

 Read Documentation
Managing Project Documents in Altium Designer Managing Project Documents in Altium Designer

Explore Altium Designer 24 technical documentation for Managing Project Documents and related features.

 Read Documentation
Navigating a Document in Altium Designer Navigating a Document in Altium Designer

Explore Altium Designer 24 technical documentation for Navigating a Document and related features.

 Read Documentation
Saving Projects and Documents in Altium Designer Saving Projects and Documents in Altium Designer

Explore Altium Designer 24 technical documentation for Saving Projects and Documents and related features.

 Read Documentation
Navigating a Project using Design Insight Features in Altium Designer Navigating a Project using Design Insight Features in Altium Designer

Explore Altium Designer 24 technical documentation for Design Insight and related features.

 Read Documentation
Creating a Project Template in Altium Designer Creating a Project Template in Altium Designer

Explore Altium Designer 24 technical documentation for Creating a Project Template and related features.

 Read Documentation
QuickNav - Panels in Altium Designer QuickNav - Panels in Altium Designer

Explore Altium Designer 24 technical documentation for QuickNav - Panels and related features.

 Read Documentation
Local Version Control Service with Altium On-Prem Enterprise Server Local Version Control Service with Altium On-Prem Enterprise Server

This page looks at the Enterprise Server's local version control service, available for those who have upgraded from Altium Vault 3.0. Use this service to create new repositories (SVN-only), or connect to external repositories (SVN or Git)

 Read Documentation
Design Data Comparisons in Altium On-Prem Enterprise Server Design Data Comparisons in Altium On-Prem Enterprise Server

Explore Altium On-Prem Enterprise Server 7.0 technical documentation for Design Data Comparisons and related features.

 Read Documentation
Altium On-Prem Enterprise Server FAQs Altium On-Prem Enterprise Server FAQs

This page presents a listing of frequently asked questions for the Enterprise Server. Covers general questions, as well as those regarding licensing, component management, design management, and ECAD-MCAD CoDesign

 Read Documentation
Back to Home

Table of Contents

Altium Designer Logo

Take advantage of the world's
most trusted PCB design system.

One interface. One data
model. Endless possibilities.

Effortlessly collaborate with
mechanical designers.

The world's most trusted
PCB design platform

Best in class interactive
routing

View License Options
Get Access to Altium 365

Start Using Altium 365

Contact us

Thank you, you are now subscribed to updates.