NIS2 Directive tightens cybersecurity requirements – Abloy Oy supports organisations in the transition
The EU’s revised cybersecurity directive, NIS2 places significantly stricter obligations on organisations regarding information security, risk management, and oversight of supply chains.
Although the regulation is primarily aimed at critical sectors, its impact swiftly extends to supply chain partners and contractual frameworks. The directive highlights the importance of robust and comprehensive risk management, covering everything from administrative information security to physical security measures. NIS2 places leadership at the forefront, requiring greater transparency and a clear ability to demonstrate compliance.
“Cybersecurity is no longer just the responsibility of the IT department, it’s something the whole organisation needs to take seriously,” says Tommi Törmänen, Information Security Manager at Abloy.
Certified partner supports NIS2 compliance
Abloy has proactively prepared for the requirements of the NIS2 Directive.
“A comprehensive self-assessment carried out in 2024 required over 200 person-days and involved a thorough review of cybersecurity practices across the entire organisation. This readiness was further strengthened by the fact that Abloy’s operations have been ISO/IEC 27001 certified since 2017”, Törmänen explains.
This international standard, depending on its implementation, covers up to 90 per cent of the core requirements of the NIS2 Directive and serves as a concrete benchmark for organisations seeking to evaluate the cybersecurity readiness of their partners.
At Abloy, information security is seamlessly integrated into the lifecycle of its products and systems. Access control solutions support customers both operationally and in terms of compliance. They enable access management, physical security, and comprehensive event logging – all essential for meeting NIS2 requirements.
In addition, Abloy provides customers with technical documentation, comparative data, and expert services that facilitate compliance and support the holistic development of information security.
Now is the time to start preparing
Abloy sees the NIS2 Directive as a welcome step forward – one that helps strengthen society’s overall resilience against evolving threats. Cybersecurity is no longer just a technical issue; it’s a strategic part of how organisations operate and maintain trust.
According to Törmänen, cybersecurity regulations will continue to expand and become significantly more detailed.
“If you aim to operate reliably and securely, these matters must be addressed without delay. Compliance also offers a competitive edge. Organisations that invest in cybersecurity foster trust among stakeholders and bolster their resilience in the cyber environment,” he emphasises.
Abloy stands ready as a partner and trusted advisor throughout this transition.