NIS2-compliant communication – and an independent backup

Sparks supports NIS2 requirements on two levels: as a secure communication platform that is hosted in the EU and not subject to a US legal framework – and as an independent backup communication system that preserves your ability to act when your primary system (e.g. MS Teams) is unavailable. For KRITIS operators and NIS2-obligated organisations with high resilience requirements.

Contributing to NIS2 requirements

  • Secure communication

    Encryption, access control and secure transmission. Reducing risks from intercepted or tampered communication.

  • Data in the EU

    Hosting in the EU and clear processing locations. Important for reporting obligations and cooperation with regulators.

  • Transparency and documentation

    Open architecture and documented processes. Facilitates risk analysis and evidence to supervisors.

What is NIS2?

Directive (EU) 2022/2555 ("NIS2") is the EU-wide framework to strengthen cybersecurity in critical sectors. It obliges affected organisations to implement risk management, incident reporting and supply chain security measures. Sectors in scope include energy, transport, health, digital infrastructure, financial market infrastructure and public administration, as well as many SMEs in defined areas.

Official source (EUR-Lex):

EUR-Lex – Directive (EU) 2022/2555 (NIS2)

Core obligations under NIS2

Affected entities must take appropriate technical and organisational measures. These include risk assessment, incident management, supply chain security, and the ability to report incidents and cooperate with authorities. Secure communication and protection of confidential data are central.

  • Risk management

    Regular assessment and treatment of risks to the security of network and information systems.

  • Incident reporting

    Reporting of significant incidents to competent authorities within set deadlines (e.g. 24h early warning, 72h report).

  • Supply chain and dependency security

    Address risks from third-party providers and dependencies on critical services.

  • Security of communication and data

    Protection of confidential and critical data in transit, at rest and on access.

Sparks' contribution to NIS2 compliance

How Sparks meets requirements for secure communication, data location and demonstrability.

Why Sparks for Teams makes a significant contribution to NIS2

Sparks addresses core NIS2 requirements in communication and data: encrypted transmission, EU data residency, traceability and the ability to keep communication in the EU and become less dependent on high-risk providers.

  • End-to-end encryption (E2EE)

    Matrix chat with E2EE reduces the risk of confidential discussions being intercepted or tampered with. No backdoors for third parties – important for compliance evidence and trust in the supply chain.

  • Federation and secure supply chain communication

    Chat federation via Matrix – optionally with E2EE – connects partners across organisational boundaries in shared channels. Together with secure audio and video (WebRTC), this enables consistently protected communication along the supply chain without dependence on a single vendor. That directly addresses NIS2 requirements for supply chain and communication security.

  • EU hosting and data location

    Operation in the EU enables clear processing locations and facilitates cooperation with regulators and compliance with reporting and data protection (GDPR) requirements.

  • Open architecture and traceability

    Open protocols (Matrix, WebRTC) and documented processes support risk analysis, audits and demonstrating appropriate measures to authorities.

  • Self-hosting and sovereignty

    Option to self-host gives you full control over infrastructure and access – less dependence on third parties outside the EU and better control of supply chain risks.

Sparks as a backup system in crisis situations

NIS2 requires resilience and the ability to remain operational during outages or incidents. Sparks for Teams can serve as a second, independent communication system – with its own infrastructure, optionally in the EU or in your own data centre. The impact of such a backup use case goes well beyond mere redundancy.

When the primary service fails, is compromised or becomes unavailable, the first hours determine coordination, reporting and damage control. Having Sparks as a planned backup delivers the following effects:

  • Continuity when the primary system fails

    If your main communication service (e.g. a US cloud provider) goes down or is compromised, you can switch to Sparks immediately. If Sparks is already used in normal operation (e.g. for confidential channels or partner communication), users and processes are familiar with it – in a crisis there is no learning curve, and escalation runs through a known environment.

  • Rapid coordination and meeting reporting obligations

    NIS2 requires significant incidents to be reported within short deadlines (e.g. 24h early warning, 72h report). That requires working communication – internally and with authorities or partners. With Sparks as backup you remain able to report and coordinate regardless of the status of the primary system, so you can meet deadlines and fulfil supervisory duties.

  • Redundancy without additional vendor lock-in

    Sparks uses open protocols (Matrix, WebRTC) and can be self-hosted or operated by another provider. You get real technical and operational redundancy without depending on a second proprietary product. In a crisis you retain control over infrastructure and data location.

  • Demonstrating business continuity to supervisors

    A documented backup and crisis communication concept with Sparks supports the demonstration of business continuity and risk preparedness – relevant for NIS2, internal audit and certifications. You show that you have planned for outages and incidents and remain able to act.

External sources and further information

Official and recognised sources on the NIS2 directive and national implementation: