Notice

Statement on NIS2 Compliance

The European Union (EU) adopted an updated version of the NIS directive on December 14th, 2022 ("NIS2 Directive" or "NIS2"). The new directive addresses the limitations of the initial NIS directive by establishing stricter cybersecurity requirements and expanding the scope of entities and sectors subject to it. As the NIS2 Directive is an EU directive, Member States are required to adopt it into their national laws before October 17th, 2024. Moreover, Member States shall make a list of entities subject to the laws before April 17th, 2025.


Although the specific security requirements and measures in terms of the NIS2 Directive in each Member State have not been laid out by Member States, as a trustworthy partner, we would like to share with our customers the measures that Dahua is taking and outline Dahua’s compliance in terms of the NIS2 Directive.


As always, Dahua strongly values cybersecurity infrastructure and practices. In compliance with relevant laws and regulations in our business operations, we have established a sound cybersecurity management framework. We adhere to industry best practices, conduct stringent risk assessments, implement state-of-the-art security technologies, maintain robust vulnerability management, and conduct security training and audits to safeguard our products and services against emerging threats.


One of these measures is maintaining a security baseline program and continuously evolving product development processes to enhance security by design. Our products are certified with CC (Common Criteria), ETSI EN 303 645, FIPS 140-2, and many others. Our information security system and privacy information management system have been audited by independent third-party organizations with certifications including:


·  ISO 27001 Information Security Management System
·  ISO 27701 Privacy Information Management System
·  ISO 28000 Supply Chain Security Management System
·  ISO 22301 Business Continuity Management System
·  ISO 27017 Cloud Security Management System
·  ISO 27018 Public Cloud Personal Information Protection Management System
·  ISO 20000-1 Information Technology Service Management System


In terms of incident handling, we have set up the Dahua PSIRT (Product Security Incident Response Team) for transparent vulnerability reporting and management. We regularly post security advisories for our clients on our website to help protect them against cybersecurity breaches – preventing the attack from happening. In the case of a breach or incident, we have a proven track record of proactively spotting, addressing, and fixing these breaches. We are transparent in our findings, which can also be found on our website.


We remain committed to supporting our customers and will keep you informed about the progress of NIS2. Should you have any questions or need further information, please feel free to contact us at any time.


Thank you for your continued partnership and trust in Dahua.


Regards,
Dahua Technology