The electric vehicle (EV) market is growing fast, with more people buying EVs, governments driving the shift, and the charging network expanding to meet demand. But as the industry grows, so do the risks.
Governments are taking notice of increasing cybersecurity threats and introducing new regulations, like the Network and Information Security (NIS2) Directive. For the EV charging industry, NIS2 compliance is crucial to defend against cyberattacks that could disrupt charging networks and damage the power grid.
Last Mile Solutions’ Chief Information Security Officer, Stefan van den Heuvel, explains what this new legislation means for EV charging companies, and what we’re doing to stay compliant.
What should you know about the NIS2 Directive?
NIS2 is part of the European Union’s (EU) initiative to strengthen cybersecurity across Europe. It aims to ensure businesses have strong systems in place to withstand cyberattacks and disruptions. In the Netherlands, NIS2 applies to all EV charging companies handling more than 300 MW of power connected to the grid. If an incident causes a disruption greater than 100 MW, it must be reported to the Dutch government.
NIS2 builds on the original NIS Directive by introducing stricter security measures for critical sectors like the EV charging industry.
Stefan notes: “While the government plays a key role in protecting European infrastructure, it cannot do so alone. Every business must also take responsibility for its own security and for the security of the customer data entrusted to them.”
Why NIS2 matters for the EV charging industry
NIS2 compliance is essential for the EV charging industry to protect society from major disruptions. Stefan explains: “In the future, nearly everyone will drive an electric car. If someone with harmful intent were to disrupt the charging infrastructure, it could cripple people’s ability to charge their vehicles, causing massive disruption.”
The complexity of the EV charging system creates multiple layers of risk:
- The electric vehicle: If a car is compromised, it poses a risk to its operation and the charging process.
- The EV charging platform: With many charge points connected to one platform, a single security issue can snowball across the entire network.
- The charging network: In Europe, charging platforms are interconnected to ensure interoperability. This creates a vast network—there are over 850,000 charge points in our roaming network alone—with numbers growing daily.
Complying with NIS2 is key to securing this interconnected network and preventing issues that could affect the entire EV ecosystem.
Last Mile Solutions’ commitment to compliance
While the NIS2 guidelines are still being finalized across Europe, we’re going the extra mile to be among the most secure EV charging companies and platforms. Our triple ISO certification—ISO 27001 (IT security), ISO 27701 (privacy), and ISO 9001 (quality)—sets a benchmark for security in the EV charging industry.
Security
In 2023, we were assigned critical infrastructure status under the original NIS law by the Dutch government. But we didn’t wait for that moment to prioritize security—we became ISO 27001 certified back in 2019, and in 2024, we updated our certification to the latest ISO 27001:2022 standard. With an uptime of 99.8%, our platform is designed to meet governmental regulations and protect both our partners and their customers.
NIS2 requires reporting incidents with significant impact, and we’ve already built this into our processes. In compliance with ISO 27001, an external auditor verifies that everything is in place and followed correctly.
“This gives us an extra layer of support to make sure we’re doing the right thing and not overlooking anything or becoming complacent,” says Stefan.
Privacy
Our ISO 27701 certification was a key milestone in protecting our users’ personal data.
Stefan explains the importance of data privacy: “If you have a charge point at home, it’s tied to your personal address. Add to that your payment information, like your bank account details, and it becomes clear that protecting this personal data adds an extra layer of responsibility.”
Quality assurance
Thanks to our ISO 9001 certification, we have better control over all our internal processes. We conduct regular audits throughout the year to review and improve these processes, and provide ongoing awareness training to keep all colleagues informed about security and privacy.
By conducting regular audits and increasing internal knowledge, we’re able to integrate ISO 27001 and 27701 requirements into everything we do. This allows us to meet customer expectations, stay compliant with regulations, and drive continual improvement.
The benefits of working with an NIS2-compliant supplier
Large companies in the EV charging sector must comply with the NIS2 regulations and ensure their suppliers, like us, are also compliant. While smaller businesses might not need to comply just yet, these requirements are expected to grow.
By meeting the highest security standards, we take the weight of cybersecurity concerns off your shoulders. While you’re still responsible for your own systems, you can trust that the operations you outsource to us are fully secure.
“Our customers trust us with their data and depend on our systems to manage their processes,” says Stefan. “As a software provider, it’s crucial that our platform is reliable, always available, and delivers the best charging experience for their customers.”
Preparing for a more secure future
Cybersecurity is only growing in importance, as reflected in the rise of new legislation like NIS2 and the Cyber Resilience Act (CRA). While these regulations highlight the government’s focus on security, at Last Mile Solutions, we’ve always taken cybersecurity seriously, long before NIS2 came into effect. We don’t do this just because it’s required by law, but because we believe it’s intrinsically important to keep our services secure and reliable.
Have questions about NIS2 compliance? Reach out to your Last Mile Solutions customer representative or email us at support@lastmilesolutions.com.