NIS2 Directive Pushes for Unified Physical and Digital Security

European businesses are preparing for the implications of the NIS2 Directive, set to significantly broaden the scope and obligations for compliance across a wider range of organizations starting July 2025. The directive, replacing a 2016 predecessor, is expected to affect over 160,000 entities across critical infrastructure, finance, healthcare, and manufacturing sectors.

ASSA ABLOY has released a whitepaper highlighting that the NIS2 legislation demands an "all-hazard" approach to security, encompassing not only digital networks but also the physical environments where they operate. ENISA, the EU's cybersecurity agency, has identified physical access as a major vulnerability, suggesting that outdated mechanical locks and legacy systems pose significant risks.

The directive mandates that essential and important entities implement "appropriate and proportionate technical, operational, and organizational measures." These include secure identity and access management, ongoing risk analysis, and the protection of physical infrastructure such as servers and terminals. Modern digital access solutions can provide real-time oversight, comprehensive traceability, granular permissions, and rapid deactivation of credentials, thereby facilitating compliance and ensuring accessible audit trails.

These digital systems can reduce reliance on manual key tracking and enable quicker responses to physical attacks. ASSA ABLOY suggests that the NIS2 directive marks the beginning of the end for siloed physical and digital security operations, advocating for a more connected approach to resilience. The company encourages organizations within the directive's scope to strategically evaluate their access infrastructure to close potential vulnerabilities.