NIS 2 Directive: How the EMA Archive Strengthens Your Cybersecurity
The NIS 2 Directive sets new standards for cybersecurity across Europe. In Germany, the implementing legislation was passed by the Bundestag on 13 November 2025 and is expected to come into force in early 2026. Organisations in 18 critical sectors, including energy, healthcare, financial services, transport and IT services, will then need to meet stricter requirements: from encryption and access controls to comprehensive audit logging. The consequences of non-compliance are severe: fines of up to €10 million or 2% of annual turnover, plus personal liability for senior management.
For many organisations, this means substantial investment in new security infrastructure. But there is another way: with EMA, you get an archiving solution that already meets key technical requirements of the NIS 2 Directive.
How EMA's Security Architecture Supports NIS 2 Compliance
1. Encryption at Every Level
NIS 2 requires data encryption. EMA delivers this through a multi-layered approach: all data transfers are fully encrypted, whether you're using our Cloud Connector for Microsoft 365 or accessing the archive directly. More importantly, your stored data is protected too. In EMA, each data store is individually encrypted. With EMA Cloud, every customer instance has its own separate encryption—there's no mingling of customer data. Even our data centre infrastructure providers cannot access your stored information. Beyond this, EMA applies a digital signature and tamper-proof timestamp to all archived documents and emails. Together, these measures provide verifiable protection against data manipulation.
2. Granular Access Control and Authentication
NIS 2 demands strict access control measures, including multi-factor authentication. EMA's single sign-on (SSO) feature enables staff to authenticate securely and conveniently, with seamless integration into Active Directory and Microsoft Entra. One of EMA's most innovative security features is the four-eyes principle: core archive functions can be configured to require approval from more than one person. This prevents anyone—whether deliberately or accidentally—from carrying out security-critical actions alone. Permissions are managed efficiently through integration with security groups and two-factor authentication, whilst IP-based restrictions ensure access only from authorised locations.
3. Comprehensive, Tamper-Proof Audit Logging
One of the most important aspects of NIS 2 is accountability. EMA's secure logging captures every security-relevant action in the archive—from access and searches to configuration changes. Each entry is digitally signed and stored immutably, so you can always trace precisely who did what and when. For particularly sensitive areas, EMA offers optional syslog integration: every new log entry is reported immediately to your SIEM system, enabling real-time detection of security incidents. With CSV reporting, you can generate detailed audit reports at the click of a button, ready for regulators whenever they ask.
Be Prepared for NIS 2 with EMA
The NIS 2 Directive sets a high bar, but with EMA, you have an excellent foundation for your security infrastructure:
- Encryption: End-to-end protection for data in transit and at rest
- Access control: SSO, four-eyes principle, two-factor authentication and IP-based restrictions
- Audit logging: Tamper-proof logs with digital signatures
- Business continuity: Triple redundancy with automatic failover (EMA Cloud) or hot standby with cross-site redundancy (on-premise)
- Data sovereignty: 100% developed and hosted in Germany
The decisive advantage: From development and data storage to support and customer service, everything takes place in Germany. Your data never leaves EU territory.
Your data is your most valuable asset. Make sure it stays where it belongs: under your control.
Please note: EMA addresses key technical requirements of NIS 2. Full compliance requires additional measures, such as risk management processes, incident response plans, staff training and supply chain security.
