NIS2 Directive: Strengthening UK Cybersecurity Resilience
The NIS2 Directive, though EU rather than UK legislation, significantly influences UK businesses operating within the European Economic Area. It widens the set of entities treated as critical or important and introduces more stringent cybersecurity requirements, demanding a proactive and robust approach to digital defence.

Mark Fermor
Director & Co-Founder, Firevault

The cybersecurity landscape is in constant flux, with threats evolving at an alarming pace. In response, regulatory bodies are tightening their grip, pushing for enhanced digital resilience across critical sectors. One such pivotal development is the Network and Information Security 2 (NIS2) Directive, which came into force in the European Union on 16 January 2023, with Member States required to transpose it into national law by 17 October 2024. While the United Kingdom has left the European Union, the implications of NIS2 for UK businesses are profound and far-reaching, particularly for those with operations or supply chains within the European Economic Area (EEA).
What Has Changed
NIS2 builds upon its predecessor, the original NIS Directive, by significantly broadening its scope and introducing more prescriptive cybersecurity measures. Key changes include:
- Expanded Scope: NIS2 now covers a much wider range of sectors deemed critical or important, including digital providers, waste management, food production, and space infrastructure, among others. This means many more organisations will fall under its purview.
- Stricter Security Requirements: Organisations are now mandated to implement a comprehensive set of cybersecurity risk management measures, including incident handling, supply chain security, encryption, access control, and multi-factor authentication.
- Enhanced Reporting Obligations: The directive introduces more stringent incident reporting requirements with specific timelines: an initial notification within 24 hours of becoming aware of a significant incident, followed by a final report.
- Increased Enforcement and Penalties: National authorities will have greater powers to conduct audits and impose penalties for non-compliance. For essential entities, fines can reach 10 million Euros or 2 percent of global annual turnover, whichever is higher.
- Supply Chain Security Focus: A significant emphasis is placed on securing the supply chain, requiring entities to assess the cybersecurity practices of their suppliers and service providers.
Who Is Affected
While NIS2 is an EU directive, its impact extends to a substantial number of UK businesses. Any UK organisation that:
- Operates within the EEA.
- Provides services to entities located in the EEA that are covered by NIS2.
- Is part of the supply chain for an EEA-based essential or important entity.
- Has a subsidiary or branch located in the EEA that meets the criteria for an essential or important entity.
will need to ensure compliance. This includes, but is not limited to, organisations in sectors such as energy, transport, banking, financial market infrastructures, health, digital infrastructure, public administration, and digital providers. Even if a UK business does not directly fall under NIS2, its EEA-based clients or partners will likely demand adherence to NIS2-level security standards as part of their own compliance efforts, creating a domino effect.
Practical Implications
For affected businesses, the practical implications are considerable and require immediate attention:
- Risk Assessments and Audits: Organisations must conduct thorough cybersecurity risk assessments to identify vulnerabilities and gaps in their current security posture. Regular audits will be necessary to demonstrate ongoing compliance.
- Policy and Procedure Updates: Existing cybersecurity policies and procedures will need to be reviewed and updated to align with NIS2's detailed requirements, particularly concerning incident response, supply chain security, and data recovery.
- Technology Investments: Investment in new technologies and security solutions may be required to meet the enhanced security measures, such as advanced encryption, robust access controls, and sophisticated threat detection systems.
- Supply Chain Due Diligence: A comprehensive review of supplier contracts and cybersecurity practices will be essential. Organisations may need to implement contractual clauses requiring suppliers to meet NIS2 standards.
- Training and Awareness: Employee training on cybersecurity best practices and incident reporting procedures will become even more critical to foster a strong security culture.
- Incident Response Planning: Developing and regularly testing robust incident response plans is paramount to ensure timely detection, containment, and reporting of significant cybersecurity incidents.
How Physical Air Gap Storage Helps
Meeting the stringent cybersecurity requirements of NIS2, particularly regarding data integrity, availability, and incident recovery, can be significantly bolstered by implementing physical air gap storage solutions. Firevault's Layer 1 physical air gap storage offers a unique and highly effective defence mechanism:
- Immunity to Network-Borne Attacks: A physical air gap places your critical data beyond the reach of any network-borne threat. Ransomware, malware, and sophisticated state-sponsored attacks that propagate over the network cannot reach data stored in an air-gapped environment. This directly addresses NIS2's emphasis on data integrity and resilience against cyber threats.
- Guaranteed Data Recovery: If a catastrophic cyber incident affects your online systems, the physically air-gapped copy remains pristine and untouched. This guarantees the availability of your most critical information and enables rapid and complete recovery, a key requirement for business continuity under NIS2.
- Enhanced Supply Chain Security: By storing critical backups or sensitive intellectual property in a physical air gap, organisations reduce their reliance on the cybersecurity posture of third-party cloud providers or network-connected backup solutions. This provides an independent layer of security, strengthening the overall supply chain resilience.
- Compliance with Data Retention and Integrity: NIS2 mandates measures to ensure the integrity of data. A physical air gap ensures that data, once written, cannot be altered or deleted by an attacker operating over the network, providing an uncorrupted source for recovery and forensic analysis.
- Reduced Reporting Burden: Air-gapped storage does not remove the obligation to report, but a guaranteed recovery point can significantly limit an incident's impact. Shorter recovery times reduce the severity of the incident and, with it, the complexity of what must be reported.
Key Takeaways
The NIS2 Directive represents a significant uplift in cybersecurity expectations for organisations operating within or connected to the EEA. UK businesses must proactively assess their exposure, understand the new requirements, and implement robust measures to ensure compliance. While the regulatory landscape continues to evolve, embracing advanced security strategies like physical air gap storage is not merely a compliance exercise, but a fundamental step towards achieving true digital resilience and protecting critical assets against an ever-increasing array of cyber threats.