NIS2 and DORA

NL-ix, as a leading Internet Exchange, serves as the crucial underlay for enterprises connecting to the outside world. While NL-ix is not in the financial sector and therefore not directly subject to DORA, we understand the importance of building a resilient service against digital threats for our customers. Being critical infrastructure, however, NL-ix is subject to the NIS2 regulation, which mandates rigorous cybersecurity standards.

Our ISO certifications—ISO 9001 for quality management, ISO 22301 for business continuity, and ISO 27001 for information security—provide a comprehensive and robust framework that supports our customers' compliance needs. With these standards, NL-ix helps enterprises meet and exceed NIS2 and DORA requirements, strengthening digital resilience and securing critical operations in an increasingly regulated digital landscape.

Why the Underlay Matters

EU regulatory frameworks such as NIS2, DORA, and CER emphasise the importance of understanding the underlay and its impact on operational resilience. When we talk about the underlay, we're referring to the infrastructure outside the corporate network, specifically the public Internet and its supporting physical components—fiber cables, routers, switches, and other elements. This foundational layer plays a crucial role in how data flows between networks, and its security and reliability.

The public Internet is often seen as a vast, interconnected web of networks, but the exact path that data takes across this infrastructure is largely unknown and unpredictable. When you send information across the Internet, it can pass through dozens of networks, routers, and transit providers. These routes are determined dynamically, influenced by factors like traffic congestion, outages, and the policies of intermediary networks.

Organisations may find their data traveling through regions or networks with poor security, facing potential exposure to cyberattacks or data interception. The unknown path also complicates troubleshooting and performance optimisation, as pinpointing the cause of latency or packet loss becomes difficult.

How NL-ix Enhances the Public Internet Underlay

All though NL-ix is part of the public Internet infrastructure, it enables enterprises to take better advantage of the public Internet underlay. Instead of routing traffic through multiple transit providers, NL-ix facilitates direct connections between connected networks (organisations), which optimises traffic paths, reduces congestion, and lowers latency.

Organisations connected to NL-ix bypass insecure parts of the public Internet underlay: traffic is exchanged within the safe, controlled, and monitored NL-ix network, isolated from general public traffic, reducing the risk of interception or unauthorised access. Connnected networks can ensure that sensitive traffic stays within trusted routes, even while utilising the global Internet infrastructure.

Visibility into traffic routes with NL-ix

NL-ix doesn't just talk about secure traffic routes; it provides clear visibility into them. Organisations exchanging traffic via NL-ix, gain detailed information about where their traffic is going, which routes are being used, and how data flows. The ICON dashboard offers insights into what portion of traffic - typically around 90-95%— stays within the secure NL-ix network and what traffic is sent to the public Internet when the destination network isn’t connected to NL-ix.

We recognise that the underlay is often overlooked and nearly forgotten in network discussions, but we believe that connecting to NL-ix provides significant advantages for organisations subject to EU regulatory frameworks such as NIS2, DORA and CER in order to improve the physical infrastructure up and beyond the corporate network. After all:  The physical infrastructure, or the underlay, remains the critical foundation that determines network performance, reliability, and security and keeps everything running smoothly.