NIS2 Directive: Bolstering UK Cyber Resilience
The NIS2 Directive has come into force, significantly expanding the scope of cybersecurity regulations across the European Union. While not directly applicable to the UK, its influence on supply chain security and best practices is undeniable, urging UK businesses to review their cyber defences.

Mark Fermor
Director & Co-Founder, Firevault

What Has Changed
The Network and Information Security 2 (NIS2) Directive officially entered into force across the European Union on 16 January 2023, with member states required to transpose it into national law by 17 October 2024. This directive significantly updates and expands upon its predecessor, the original NIS Directive. Key changes include a much broader scope, bringing many more sectors and entities under its purview. It introduces more stringent security requirements, including enhanced incident reporting obligations, supply chain security considerations, and greater accountability for senior management. Furthermore, NIS2 harmonises sanctions across the EU, ensuring a more consistent approach to enforcement.
Who Is Affected
While the United Kingdom is no longer a member of the European Union, and therefore NIS2 does not directly apply to UK businesses, its impact is far-reaching. Many UK organisations operate within the supply chains of EU-based entities that are directly subject to NIS2. Consequently, these EU businesses will demand higher cybersecurity standards from their UK partners and suppliers to ensure their own compliance. Sectors newly included or significantly expanded under NIS2 include digital providers, waste management, food production, manufacturing of critical products, space infrastructure, and public administration, among others. Therefore, any UK business engaging with customers, suppliers, or partners in these sectors within the EU will find itself indirectly affected by the directive's stringent requirements.
Practical Implications
For UK businesses operating within the EU supply chain, the practical implications are substantial. They will need to demonstrate robust cybersecurity postures that align with NIS2 standards, even without direct legal obligation. This includes implementing comprehensive risk management measures, ensuring business continuity and crisis management plans are in place, and securing their supply chain. Incident response capabilities will need to be enhanced, with a focus on timely detection, analysis, and reporting of significant cyber incidents. Senior management will likely face increased scrutiny regarding their oversight of cybersecurity risks, potentially requiring greater involvement in cyber strategy and resource allocation. Non-compliance by EU partners due to inadequate UK supplier security could lead to significant fines and reputational damage for all involved parties.
How Physical Air Gap Storage Helps
Physical air gap storage can significantly help organisations meet the enhanced security requirements of NIS2, particularly those concerning resilience and supply chain security. A physical air gap provides an unparalleled layer of defence against sophisticated cyber threats, including ransomware and insider attacks, by completely isolating critical data from networked systems. This means that even if an organisation's primary network is compromised, the air-gapped data remains inaccessible and uncorrupted. For UK businesses, demonstrating such a robust recovery mechanism not only enhances their own resilience but also provides assurance to their EU partners that critical data assets are protected against the most severe cyber incidents, thereby strengthening their position within the regulated supply chain. Physical air gap storage also addresses the NIS2 requirement for business continuity and disaster recovery by ensuring an immutable, offline backup of essential information.
Key Takeaways
- NIS2 significantly expands cybersecurity regulations across the EU, indirectly impacting UK businesses in EU supply chains.
- UK organisations must align their cybersecurity practices with NIS2 standards to maintain EU partnerships.
- Robust risk management, incident response, and supply chain security are paramount.
- Physical air gap storage offers a superior defence mechanism, enhancing resilience and meeting stringent data protection requirements.
- Proactive adoption of advanced security measures will be crucial for competitive advantage and regulatory compliance in a globalised digital economy.


