The new EU Cybersecurity Directive “NIS2” brings significant changes to cybersecurity and will now affect companies that have not had to comply with any obligations before. Will the upcoming changes have an impact on your organization? And can you gain something extra from it?

By 18 October 2024, Member States must adopt, publish and apply the measures necessary to comply with the NIS2 Directive. To comply with the key “protection against cyber attack” requirements of the NIS2 Directive, it is essential to also address the following:

    • Identity management and authentication
    • Access permission control
    • Access control

NIS2 explicitly highlights the importance of continuous and multi-factor authentication, making it clear that a zero-trust approach is the way forward.

Moreover, NIS2 requires the implementation of new methods for reporting and auditing, which are a part of IAM solutions.

With the emphasis of NIS 2 on supply-chain management security it requires organizations to control more identities than just their own. Implementing access control concepts like single-sign-on (SSO) or role-based access control (RBAC) will be important to address supply chain integrations.


The new requirements for access control and authentication can best be met by implementing Identity & Access Management tools. However, the implementation of Identity management (IdM) and access permission control is not only beneficial because of the new obligations. For example:

    • A perfect overview of all the people who work with your systems and their access.
    • Automated management of accounts and access permissions across all your systems.
    • Clear and easy-to-use user self-service that minimizes technical support requirements.
    • Rule-driven permission assignment and continuous control – users will have exactly the access they need and no other.
    • Audit all events with accounts and detailed reporting on events and user status.

And many other benefits…


All the organizations that are currently subject to NIS compliance requirements, it must continue to comply with the updated NIS2 regulations. NIS2 now also applies to all medium and large enterprises that provide a service the disruption of which could have a significant impact on the provision of important social or economic activities. This includes:

Sectors of high criticality: energy, transport, banking, financial market infrastructures, health, drinking water, waste water, digital infrastructure, ICT service management, public administration, and space.

Other critical sectors: postal and courier services, waste management, chemicals, food, manufacturing, digital providers, and research organizations.


We have been dealing with identity management and access control for a long time and we know the benefits and pitfalls of its implementation. That’s why we recommend a three-step process, during which trust between the company and the supplier is gradually deepened:

    1. Assessing the status of accounts, permissions and their management processes – you’ll get an overview of the state of your data and potential risks.
    2. Feasibility analysis – you’ll find out what it will take to implement IdM in your organisation’s environment.
    3. Implementing IdM or IAM – you’ll have your systems integrated under a centralized identity management system perfectly aligned for your business.

At Orchitech, we also provide these services as standalone options, conducting both the assessment and feasibility analysis without being tied to a particular technology.