In this article, you will find out why companies need to take action and how modern access control can optimize building security.
With the new NIS2 Directive and the supplementary CER Regulation, the EU is significantly tightening the requirements for IT and physical security. Many companies are affected – often without realizing it. New requirements are emerging, particularly in the area of access control: Processes must be more transparent, systems must be more robust and access must be controlled in a more targeted manner. Acting now will not only protect buildings and employees, but also business processes and reputations.
What is NIS2 – and who does it affect?
The NIS2 (Network and Information Security) Directive is the revised version of the original 2016 NIS Directive and aims to strengthen the cyber and physical resilience of critical facilities across Europe – organizations that are particularly important to the functioning of our society.
Companies from the following sectors are affected, among others:
- Energy
- Transportation & Traffic
- Health
- Water and waste management
- Public administration
- Digital infrastructures
- Food production
- Finance and insurance
But beware: Medium-sized suppliers and service providers who work with these sectors can also fall within the scope of application – even if they are not directly considered a “critical facility”.
The CER regulation: access control becomes an issue!
In addition to NIS2, the so-called CER Regulation (Critical Entities Resilience) comes into force. This obliges member states to identify particularly vulnerable facilities – and ensures that security measures are not just recommended, but mandatory.
Specifically, it means:
"...ensure adequate physical protection of their premises and critical infrastructure, with due regard to, for example, the installation of fencing and barriers, perimeter surveillance tools and procedures, detection devices and access controls..."
For companies, this means
Physical security measures – including modern access controls – will be a central component of integrated security strategies in the future.
Rethinking access control – with a system and strategy
If you are responsible for security, HR or building management in your company, the question now arises:
How secure is our access system really?
The new regulations require:
- seamless traceability of access,
- Clear access rights at employee level,
- Protection against sabotage or unauthorized access – even from the inside,
- and effective visitor management.
Not to forget: If you react too late, you risk penalties, loss of image and, in the worst case, business interruptions.
Even if many details depend on national implementation, one thing is certain:
It’s worth starting strategically now.
Because it needs:
- Planning effort
- Capacities with hardware and software providers
- Implementation time on site
How ZMI can support you
ZMI has been a reliable partner for digital access control, Time & Attendance and building security for many years. Our solutions are not only efficient and easy to use, but also meet the highest security standards – a clear advantage in the context of the new legal requirements.
What we offer in concrete terms:
- Access control systems for all company sizes: scalable, GDPR-compliant, modern via RFID or smartphone
- Visitor management with complete documentation and evaluability
- Individual access authorizations with precise time and area control
- Connection to existing Time & Attendance and HR systems – for seamless processes
Whether for individual locations or as a comprehensive security concept – we support you in making your access systems future-proof.
Conclusion NIS2 Compliance: Now is the right time
The NIS2 Directive brings new requirements – and new opportunities. Even if the specific obligations are not clearly regulated until national implementation, it makes sense to get started now.
After all, those who start early are not only ahead in terms of security and compliance – but also in terms of trust and resilience.
Get your initial consultation from our access expert Jens Stöter now:
Note: This blog article does not constitute legal advice and, in particular, cannot replace individual legal advice.
*: Source on 29,000 affected companies: On the BSI website