NIS2 Directive Poses Cybersecurity Challenges for African Businesses Tied to EU

The European Union’s NIS2 cyber security  directive has significant implications for African businesses trading with the continent.  This is according to Check Point Software Technologies, a leading AI-powered cloud-delivered cyber security provider, which urges African businesses with strong ties to the EU to take steps to comply with this new, stringent cyber security regulation.

The European Union’s NIS2 Directive, came into effect this month and requires member states to amend their national legislation. The NIS2 Directive imposes strict cyber security requirements, including enhanced management liability, reporting to authorities, risk management, and business continuity planning, placing African companies trading with the EU under increased scrutiny.

The NIS2 Directive builds upon the original NIS1 Directive introduced in 2016, expanding its scope to cover a wider range of sectors including Energy, Banking, Transport, Digital Infrastructure, Healthcare, Food Production, and Research. More than 80% of European enterprises are now within the scope of this legislation, which extends to global supply chain partners—including many businesses in Africa.

Europe is still Africa’s leading trading partner. African businesses, particularly in leading economies such as South Africa, Kenya, and Nigeria, need to understand the far-reaching impact of NIS2. Compliance is not just about meeting EU standards—it’s about securing their future in a globalised market. Failure to comply will result in not only heavy fines but also the potential loss of critical trade partnerships with EU member states.

Collins Emadau, Check Point Partner and Director, Westcon

The EU remains the largest trading partner for Africa, with over 18 Economic Partnership Agreements and trade worth billions annually. African businesses, especially in sectors like Energy, Banking, Transport, and Manufacturing, are key partners in the EU’s supply chains. To continue doing business with EU companies, African organisations must comply with NIS2, which mandates strict cyber security measures to protect critical infrastructure and supply chains.

NIS2 sets a new standard for cyber security, and African businesses must act now. Many organisations are unaware of the depth of these requirements, which go beyond local regulations. Compliance is essential not only for maintaining business relationships with the EU but also for enhancing the overall resilience of African economies against cyber threats.

Issam El Haddioui, Head of Security Sales Engineering: Africa, Check Point Software Technologies

Compliance will exact a cost for African organisations, which according to Interpol’s 2021 Africa Cyberthreat Assessment Report, spends an average of only 0.05% of their revenue on cyber security, far below the global average of 0.3-0.5%.  The Report also estimated the financial impact of cyber crime in the region at over $4 billion USD, representing about 10 percent of Africa’s total GDP.

NIS2 introduces personal liability for business leaders in the event of a cyber attack, meaning that executives themselves can be held financially accountable for breaches. Penalties include fines of up to EUR 7 million or 1.4% of a company’s global annual turnover, whichever is higher. This goes beyond the GDPR, placing even more responsibility on corporate leadership to ensure robust cyber security practices are in place.

NIS2 mandates that organisations must report cyber incidents to authorities promptly and inform their stakeholders, suppliers, and customers. Therefore, African businesses must ensure they have a comprehensive incident response plan in place, along with regular cyber security training for both IT and leadership teams.