In Iceland the law Act No. 78/2019, on the security of network and information systems of critical infrastructures, entered into force on 1 September 2020. It is based on the EU NIS-1 Directive from 2016 but in January 2023 a new directive was issued by the EU, which has been named NIS-2. This directive took effect within the EU in October 2024 but has not yet entered into force in Iceland directly as Iceland is a part of the European Economic Zone. Indirectly the directive has taken effect in Iceland. Icelandic companies acting as suppliers to companies within the EU might have to present to their partners some kind of verification for an Information Security Management System (ISMS).

Main changes

In general, this directive directly covers more aspects of the business sector than before. It also includes fines based on a percentage of turnover, as well as the possibility for authorities to temporarily remove company managers from their jobs if they do not meet requirements for improvements in the field of information security. The latter has raised some concerns among managers, as it is rather unusual. However, it is clear that the main idea regarding NIS-2 is to ensure the information security of critical infrastructure.

Implementation of NIS-2

Infoguard is a partner for ISO Planner as well as with Instant27001 for a fast and affordable to implement ISO 27001:2022. We are also in partnership with Insight24 offering consulting services for ISO 27001:2022 as well as NIS-2 specifically.

ISOPlanner simplifies ISO compliance with an easy-to-use solution for Microsoft 365. ISOPlanner uses your Microsoft 365 account and leverage Sharepoint, Outlook, Teams, Dynamics, Azure and Power Bl for an integral compliance experience. The integrated AI Assistant and the Microsoft Power Platform works to increase productivity and embed your compliance controls into your processes. As ISOPlanner works within Microsoft 365 your data never leaves the Microsoft 365 ecosystem. It also leverages compliance products within Microsoft 365/Purview as well as Microsoft Defender/Intune/Sentinel to implement ISO 27001 controls.

Instant 27001 helps organizations implementing ISO 27001 in the shortest amount of time and success is guaranteed. Since 2018 Instant27001 have already helped more than 2,000 organizations improving their cybersecurity posture, preventing data breaches and building stakeholder trust. Instant 27001 is available Microsoft 365 (ISOPlanner) starting at only € 1995 (one time fee).

Insight24 is a Dutch consulting company with a a clear focus on becoming a trusted European consultancy for small and midsized enterprises (SMEs) in Governance, Risk & Compliance (GRC) and IT Security Management services.Their approach is different as they specialize in supporting SMEs, offering a combination of practical compliance expertise and deep technical IT knowledge. This hands-on, service-driven mindset is what sets Insight24 apart and makes us a valuable partner for our clients. Infoguard is partnering with Insight24 for their experiance for NIS-2 and ISO27001 implementations.

Please contact us at infoguard@infoguard.is for more information