NIS2 raises the level of cybersecurity in Europe: Kaspersky leads by example

Jochen Michels, Director Public Affairs Europe, Kaspersky

As cybersecurity threats continue to grow in scale and sophistication across Europe, regulatory frameworks such as the EU's NIS2 Directive are reshaping how organizations approach digital resilience. Depending on their level of criticality, companies and organizations classified under the NIS2 Directive as Essential or Important Entities are required to implement both risk management and cybersecurity measures, including training. As a Managed Security Service Provider, Kaspersky is classified as an Essential Entity. Against this backdrop, the company has registered with Germany's Federal Office for Information Security (BSI) under the German NIS2 implementing legislation. This registration covers Kaspersky's operations throughout the European Union.

The importance of the NIS2 Directive

The NIS2 Directive is, alongside the Cyber Resilience Act and the ongoing revision of the Cybersecurity Act, one of the European Union’s most significant cybersecurity initiatives. Building on the original NIS framework, it establishes harmonized cybersecurity requirements for organizations operating in critical sectors such as energy, transport, healthcare, finance, digital infrastructure, manufacturing, and managed security services. By introducing stricter obligations related to risk management, incident reporting, governance, and supply chain security, the directive aims to strengthen cybersecurity across the European Union and to promote a more consistent level of protection among Member States.

More importantly, NIS2 elevates cybersecurity from a purely technical issue to a strategic governance priority. Organizations are expected not only to implement robust security measures but also to demonstrate accountability, transparency, and preparedness at the management level. At the same time, the directive enhances cross-border cooperation and information sharing among EU Member States, contributing to a more coordinated European response to cyber threats.

Kaspersky’s long-term engagement with NIS2

Kaspersky has been actively involved in shaping European cybersecurity policy and supporting organizations in navigating the evolving regulatory landscape for several years. Since 2020, Kaspersky has contributed to expert hearings, public consultations, and industry dialogue initiatives at both EU and Member State level, helping policymakers and stakeholders better understand the operational realities of cybersecurity regulation. The company has also supported businesses and public authorities through training programs and webinars focused on practical NIS2 implementation and compliance challenges.

Building compliance through expertise and preparation

The company launched its own NIS2 compliance program several years ago, aligning its processes, documentation, and risk management practices with the directive’s requirements well before the regulation formally came into force. This proactive approach has allowed Kaspersky to build significant expertise in areas central to NIS2, including risk mitigation, documentation, governance structures, and data preparation. By embedding compliance into its operational framework at an early stage, Kaspersky has been able to translate complex regulatory requirements into practical and scalable cybersecurity measures. This approach has strengthened the company's own resilience while also enhancing its ability to support customers and partners across Europe as they navigate the evolving regulatory landscape and prepare for NIS2 compliance.

Transparency as a foundation of trust

A particularly important aspect of Kaspersky’s compliance strategy is transparency. In today’s geopolitical and technological environment, trust has become a critical component of cybersecurity. Through its Global Transparency Initiative (GTI), Kaspersky has implemented measures that allow customers, regulators, and scientists to verify the integrity of its products, internal processes, and business operations. These measures are reinforced by internationally recognized certifications and audits conducted by independent third parties.

Kaspersky is certified under ISO/IEC 27001, one of the world’s most widely recognized standards for information security management. The certification demonstrates that the company follows structured and continuously monitored processes for identifying and mitigating information security risks. In addition, Kaspersky recently renewed its SOC 2 Type II audit, confirming the effectiveness of its controls designed to protect antivirus database development and delivery processes against unauthorized manipulation. Together, these certifications support the company’s broader objective of delivering verifiable and measurable cybersecurity practices.

The company’s transparency efforts have also been acknowledged externally. Independent assessments such as the “Transparency Review and Accountability in Cyber Security” study highlighted Kaspersky’s leadership in transparency and accountability within the cybersecurity industry. According to the company, these recognitions demonstrate how international standards and independent verification are becoming increasingly important in building trust within the European digital economy.

Looking ahead: Strengthening Europe’s cyber resilience

Looking ahead, Kaspersky sees NIS2 not only as a regulatory obligation, but as an opportunity to further strengthen Europe’s cybersecurity culture. The directive encourages organizations to adopt a more proactive and strategic approach to cybersecurity, elevating it from a purely technical issue to a core governance responsibility. At the same time, it promotes closer cooperation between public authorities and private-sector organizations, enabling more coordinated responses to cyber threats across borders. By combining long-term engagement in cybersecurity policy development and internationally recognized transparency measures, Kaspersky aims to continue supporting organizations and authorities across Europe in navigating the increasingly complex cybersecurity environment. As cyber threats continue to evolve, collaboration, transparency, and shared resilience will remain essential pillars of Europe’s digital future.
