A portrait photo of a middle-aged lady in front of a light gray wall. She wears a blouse and a blazer in rosé and crosses her arms. She has her blond hair tied up, wears glasses and smiles at the camera.

NIS 2 Representative

for companies without an establishment in the EU

Arrange your free consultation appointment:

info@dp-dock.com

Book free online consultation

Go to contact form

Seal - iapp Bronze Member

Target group

The need for a NIS 2 – Representative

Wave as graphic

The NIS 2 Directive has a broad scope of application. It introduces higher security requirements for companies to increase the level of cyber security. Companies that are essential or important entities are subject to registration, verification and reporting obligations vis-à-vis the competent authority of the Member States. Furthermore, these companies should take risk management measures to prevent cyber incidents and threats. The NIS 2 Directive also introduces an accountability obligation for top management, which applies in the event of non-compliance with cyber security risk management measures.

The NIS 2 Directive is already applicable and leads to further obligations for companies to provide evidence of IT security and to report IT security incidents.

Failure to comply with these obligations can result in fines of up to EUR 10,000,000 or 2% of the company's annual global turnover.

Two ladies are sitting in front of a laptop, which is placed on a glass desk, and are discussing.

Tasks

Roles & Responsibilities of the NIS 2 - Representative

Wave as graphic
Icon authority

Representation of the company

The representative represents the company in interactions with competent authorities.

Icon manager

Communication

The representative acts as the contact person for any enquiries issued by competent authorities and directs these to the relevant entity.

Target Group

Who must appoint a representative under the NIS 2 Directive?

Wave as graphic

The NIS 2 Directive applies in general to essential and important entities. Essential entities include sectors with high criticality or critical risks. Companies falling into these sectors which are not established in the EU must designate a representative when they offer specific services subject to cross-border activities (Art. 26(1)(b) NIS-2-Directive). The representative must be located in one of the EU Member States where these services are offered.

The legal representative should be the contact person for the competent authority in addition to the entity.

Note

The obligation to designate a legal representative applies to companies that are not essential or important entities under the NIS-2-Directive. However, unlike the first NIS Directive, the NIS-2-Directive does not solely cover sector-specific critical entities, thus making it difficult to understand if an entity is falling in- or outside the scope of the NIS 2 Directive.

Feedback

Client feedback about our data protection services

Wave as graphic
The view of the Port of Hamburg from above is breathtaking with the Elbphilharmonie in the background and a beautiful blu
Logo - Redbubble

Customer
(Data Protection Officer: DPO)
Redbubble Inc., 111 Sutter Street, 17th Floor, San Francisco, CA 94104, USA

„DP-Dock brings real value to privacy compliance with their professionalism, responsiveness and depth of experience advising global tech companies operating in Europe.”

Logo - Universal Tennis

Customer
(Data Protection Officer: DPO)
Universal Tennis, LLC, 525 University Avenue, Palo Alto, CA 94301, USA

„DP-Dock is our designated Art. 27 GDPR representative for many years – more recently they are, in addition, our external DPO: a decision we’ve been happy with. Their understanding of global trends in data privacy is remarkable – including the provision of awareness trainings for our employees across the globe.“

Logo - ottobock

Customer
(Data Protection Officer: DPO)
Ottobock SE & Co. KGaA, Max-Näder-Strasse 15, 37115 Duderstadt, Germany

DP-Dock is our external data protection officer. They work with us in a targeted and trustworthy manner in an environment where we have many locations around the world. We are fully satisfied with their service. They are pragmatic, solution-oriented, qualified and fast when needed."

Contact information

Schedule a free first consultation appointment
with our data protection experts

Wave as graphic
An elderly lady with dark hair wears a white dotted blouse and sits on an office chair at a desk.

DP-DOCK GmbH
Ballindamm 39
20095 Hamburg

info@dp-dock.com

Privacy settings

We use cookies on our website. Some of them are essential, while others help us improve this website and your experience.

In this overview you can select and deselect individual cookies of a category or entire categories. You will also receive more information about the cookies available.
Group essential
Name Matomo
Technical name
Provider
Expire in days 72
Privacy policy
Use Use without cookies
Allowed
Group external media
Name Calendly
Technical name __cf_bm,__cfruid,OptanonConsent
Provider Calendly LLC
Expire in days 365
Privacy policy
Use To arrange appointments via the provider Calendly
Allowed
Name Contao CSRF Token
Technical name csrf_contao_csrf_token
Provider Contao
Expire in days 0
Privacy policy
Use Serves to protect the website from cross-site request forgery attacks. After closing the browser, the cookie is deleted again.
Allowed
Name Contao HTTPS CSRF Token
Technical name csrf_https_contao_csrf_token
Provider Contao
Expire in days 0
Privacy policy
Use Serves to protect the encrypted website (HTTPS) against falsification of cross-site requests. After closing the browser the cookie is deleted again
Allowed
Name PHP SESSION ID
Technical name PHPSESSID
Provider Contao
Expire in days 0
Privacy policy
Use PHP cookie (programming language), PHP data identifier. Contains only a reference to the current session. There is no information in the user's browser saved and this cookie can only be used by the current website. This cookie is used all used in forms to increase usability. Data entered in forms will be e.g. B. briefly saved when there is an input error by the user and the user receives an error message receives. Otherwise all data would have to be entered again
Allowed
Privacy Policy | Privacy Policy