The Danish Industry Foundation recently published a new mapping showing that 1,079 companies must comply with the new information security requirements laid out in the forthcoming NIS2 Directive from the EU. The requirements aim to ensure that companies part of critical infrastructure are better equipped to withstand cyber threats.

“There’s a pressing need to make our societies more resilient to cyber threats. The new mapping from the Danish Industry Foundation, to which we, the Danish Chamber of Commerce, have contributed, shows an urgent need to get the Danish authorities involved as quickly as possible, and to facilitate a good dialogue with the authorities and the business sector, thereby preventing companies with activities in several sectors from having to deal with several different legal texts. Overall, we must help companies and ensure an efficient and manageable implementation. In the first NIS Directive, 15 companies were affected, so this is a huge increase in the number of companies,” says Vice President of the Danish Chamber of Commerce Casper Klynge.

New industries are affected.
Some of the companies that must live up to the requirements of NIS2 are already subject to the first NIS Directive, which was implemented in Denmark in 2018, but with this update, several new sectors are affected. This point makes the updated requirements an extensive task for many Danish companies.

“Among our members, several industries must comply with the new requirements. These include the food and retail industries and the companies that supply Denmark’s digital infrastructure. This has prompted us to, among other things, start a dialogue with the telecommunications companies and the Danish authorities on how we can achieve a good implementation of the new rules in this area. We’re also carrying out information meetings targeted at various industries in collaboration with some of the country’s leading experts, and it may be particularly important to provide advice and guidance to the 36 % of small businesses affected by the new directive,” Casper Klynge says.

Need for prompt authority efforts.
There are still some uncertainties about what the specific rules will look like in Denmark. Ultimately, the responsible authorities must draw up lists of companies in Denmark that will be subject to the new rules.

“We call on the Danish authorities to get involved as quickly as possible. We advise a wide range of companies, from stockbrokers to housing associations, who call us for our assessment of whether they will be covered by these rules. Fortunately, we can often help them on their way, but ultimately, we can’t tell them anything definitive. We, therefore, urge the Danish authorities to initiate the official mapping as soon as possible to provide the companies with clear information on whether they are subject to the new rules,” says Casper Klynge.