The Network and Information Security (NIS2) Directive has upped the bar for African businesses to meet the European Union's strict cyber security standards.

The European Union’s NIS2 Directive, came into effect this month and requires member states to amend their national legislation. 

The Directive imposes strict cyber security requirements, including enhanced management liability, reporting to authorities, risk management, and business continuity planning, placing African companies trading with the EU under increased scrutiny.

It builds on the original NIS1 Directive introduced in 2016, expanding its scope to cover a wider range of sectors including energy, banking, transport, digital infrastructure, healthcare, food production, and research.

More than 80% of European enterprises are now within the scope of this legislation, which extends to global supply chain partners, including many businesses in Africa.

Compliance is critical for the continent as the European Union remains the largest trading partner for Africa, with over 18 economic partnership agreements and trade worth billions of dollars annually.

African businesses are key European partners and must comply with the NIS2 to remain on the supply chain list of this critical block which mandates strict cyber security measures.

Collins Emadau, Check Point partner and director at Westcon implored African businesses to swiftly comply with the new EU cyber security directive.

“Europe is still Africa’s leading trading partner. African businesses, particularly in leading economies such as South Africa, Kenya, and Nigeria, need to understand the far-reaching impact of NIS2. Compliance is not just about meeting EU standards—it’s about securing their future in a globalised market. Failure to comply will result in not only heavy fines but also the potential loss of critical trade partnerships with EU member states," said Emadau.

Issam El Haddioui, head of security sales engineering at Africa, Check Point Software Technologies said by improving cyber-readiness, African businesses not only comply with international standards but also protect their data, operations, and reputations from evolving threats.

Presently, the estimated financial impact of cybercrime in the region is over $4 billion, representing about 10 percent of Africa’s total GDP.

It is against this background that the NIS2 introduces personal liability for business leaders in the event of a cyber-attack, meaning that executives themselves can be held financially accountable for breaches. Penalties include fines of up to 7 million Euros or 1.4% of a company’s global annual turnover.