At the end of April, the Danish Parliament adopted the EU security directives CER and NIS2, which are expected to be implemented on 1 July 2025, but according to Lars Andreasen, partner at P-Secure and former head of counterintelligence at PET, the requirements of the directives should include more than what has been put forward.
Our CEO, Lars Andreasen, has delivered a discussion paper in Ingeniøren PRO, which deals with the two safety directives NIS2 and CER, which have just been adopted in the Danish Parliament. He believes that the requirements of the directives do not include enough industries and companies.
You can read the full discussion post below or on Ingeniøren where you can also participate in the debate.
Denmark's critical infrastructure needs to be much more robust than it is today. The EU directives CER and NIS2 must now ensure this. The legislation must be enforced by companies, organisations and institutions that can be categorised as critical infrastructure or subcontractors to it.
Whether one is covered can now be tested with a Nis2 check recently launched by the authorities. You would think that everything is in the best order. There's just one problem. In Denmark, there are companies that, due to their size or market position, have such an impact on the country's economy that they should also be categorized as critical infrastructure.
The same, of course, applies to our educational and research institutions, which are supposed to secure the country's future. We have already seen examples of industrial espionage against DTU. Industrial espionage that harms Denmark's competitiveness.
Therefore, the Ministry of Community Safety and Emergency Preparedness should extend the definition of critical infrastructure to include companies and research institutions that otherwise have significant impact on Denmark's economy in the short and long term. The consequences are incalculable if these are affected by espionage, sabotage, etc.
Having said that, it is also surprising that many companies are waiting with the basic security measures because they are unsure whether they are covered by the legislation or not.
Although we are experiencing increasing security awareness, many people still view security from a “compliance perspective” and not in relation to the specific security threat and the consequences that a security breach can have on the company and its role in society.
P-Secure helps companies meet some of the requirements of the two directives, NIS2 and CER, using a platform that can create automated background check.
