African businesses have been advised to meet the European Union’s (EU) heightened cybersecurity standards following the introduction of the Network and Information Security (NIS2) Directive.
The directive, which came into effect this month, requires EU member states to update their national laws, imposing stricter cybersecurity regulations.
The NIS2 Directive builds on the original NIS1 Directive from 2016, expanding its scope to cover a broader range of sectors, including energy, banking, healthcare, transport, digital infrastructure, food production, and research. With over 80% of European enterprises now under this legislation, the directive also impacts global supply chain partners, including many African firms.
The EU remains Africa’s largest trading partner, with trade agreements exceeding 18 partnerships and billions of dollars exchanged annually. As such, compliance with the NIS2 Directive is crucial for African businesses to maintain their positions within the EU’s supply chains. Failure to meet the new standards could result in substantial fines and the potential loss of critical trade partnerships.
Collins Emadau, a Check Point partner and director at Westcon, emphasized the importance of compliance, particularly for African economies like South Africa, Kenya, and Nigeria. “Compliance is not just about meeting EU standards—it’s about securing their future in a globalized market. Non-compliance could lead to heavy fines and the loss of key trade relationships with EU member states,” he warned.
Issam El Haddioui, head of security sales engineering for Africa at Check Point Software Technologies, stressed that improving cybersecurity readiness would not only ensure compliance but also protect African companies from evolving cyber threats. The financial impact of cybercrime in Africa is estimated to exceed $4 billion, representing around 10% of the continent’s GDP.
NIS2 introduces personal liability for business leaders in the event of a cyberattack, meaning executives could be held financially accountable. Penalties include fines of up to 7 million Euros or 1.4% of a company’s global annual turnover.
