The revised directive on the security of network and information systems (NIS2) will apply to postal service providers, including providers of courier services, that have more than 50 employees and a total annual turnover of €10m or more. This includes all providers that provide at least one of the four steps in the postal delivery chain, excepting transport.
Postal service providers must establish a cybersecurity risk mitigation strategy that:
- assesses the risks associated with their network and information systems;
- implements security policies to address the identified risks;
- establishes access control policies and uses authentication solutions to prevent unauthorised access;
- includes an incident handling procedure in response to cyberattacks; and
- establishes a service continuity strategy, including disaster recovery.
Postal providers must also notify significant security breaches within 24 hours to the national computer security incident response team.
As so-called “important entities” under NIS2, postal providers are subject only to ex post supervision.
For more information and to access our postal NIS2 report, please click on “Access the full content” - or on “Request Access”, in case you are not subscribed to our Postal intelligence service.
more news
18 April 24
Countries in the Americas are working towards the transparency and explainability of AI-based decisions
The latest update of Cullen International’s benchmark on AI reveals whether governments in the Americas published or proposed specific strategies to foster the adoption of AI-based services.
17 April 24
New research shows continued price increases for both letters and parcels across 17 European countries
The latest update of Cullen International's postal pricing benchmarks shows that prices increased for both letters and parcels across Europe.
15 April 24
Less than 90 seconds: Highlights from the recent update of our European Telecoms Trackers
Our Senior Analyst Jacek Kowalski explains our latest Trackers on the white paper, the gigabit recommendation and the Gigabit Infrastructure Act.