nexalign

Industry · Chemicals & Process Industry

DecisionOS for Chemicals and Process Industry

Chemicals is an important entity under NIS2. At the same time it carries probably the deepest IT/OT convergence complexity: DCS, SIS, asset management, pipeline monitoring, and above-average concentration risk. Major accidents have physical consequences, and IT security incidents can trigger them. DecisionOS structures IT/OT decisions so that NIS2, IEC 62443 and Seveso are served at once.

TL;DR

Chemicals is a NIS2 important entity with physical major-accident risk. IT-OT convergence is the core strategic question.

Regulation at a glance

NIS2 · Seveso III Directive (12. BImSchV) · IEC 62443 · Cyber Resilience Act · REACH · ISO 27001

Regulatory context

NIS2 Annex II classifies the manufacture, production and distribution of chemicals as an important-entity sector: basic chemicals, pharmaceutical raw materials, chemical products. Size threshold: medium-sized enterprises, i.e. from 50 employees or from 10 M EUR annual turnover or balance-sheet total.

Seveso III (12. BImSchV in Germany) obliges operators of dangerous installations to risk assessment, safety report, emergency plans, and notification to authorities. IT security incidents with potential physical impact are increasingly integrated.

IEC 62443 is the international OT security standard. Security Levels SL 1-4 define the protection target per zone and conduit; the separate maturity levels 1-4 rate the security processes of operators, integrators and product suppliers. Increasingly expected by insurers and authorities.

The Cyber Resilience Act additionally applies to manufacturers of products with digital elements (e.g. measurement and control technology).

Typical decisions

Dealbreakers (non-negotiable)

  • OT visibility and IEC 62443 maturity

    DCS, SIS, asset management need OT-specific tooling, not IT EDR.

  • Seveso III compatibility

    Safety report duties must align with IT security plans.

  • Air gap and immutable backup for DCS configurations

Loss of DCS control or configuration can escalate into a major accident; backups must be restorable under time pressure, so recovery tests are mandatory.

  • EU sovereignty for recipe IP

    Recipe data is crown-jewel IP. Exclude CLOUD Act exposure.

Where DecisionOS plugs in

Evaluation criteria are mapped onto the NIS2 Art. 21 risk-management measures and the IEC 62443 zone-and-conduit model, dealbreakers are flagged as Seveso-relevant measures, and stakeholders are aligned across CIO, CISO, plant management, HSE and Compliance.

Typical use cases

OT security stack selection (Claroty, Nozomi, Dragos) plus the bridge into IT EDR.

SIEM/SOC selection with combined IT/OT telemetry.

Cloud migration of ERP and MES interfaces with sovereign cloud option.

Backup concept for DCS configurations with air gap.

Hosting and data sovereignty

DecisionOS is hosted in Germany on Hetzner, EU-only data flow, Art. 28 GDPR data processing agreement. Suited as decision layer for regulated IT/OT procurement.

FAQ

How does NIS2 affect Seveso installations?

NIS2 and Seveso run in parallel. NIS2 duties on risk management, incident handling, and supply-chain due-diligence apply on top of Seveso. Recommended practice: integrated HSE-IT governance, joint crisis teams, joint exercises.

Which IEC 62443 level does the market expect?

Security Level SL 2 as the baseline target for manufacturing zones. SL 3 for safety-critical zones (SIS). SL 4 only exceptionally. The level is set per zone and conduit (SL-T), not once per site. Certification of processes and products is done by accredited bodies (TÜV, DEKRA, Bureau Veritas).

Is cloud migration feasible in chemicals?

Office workloads and the ERP layer are regularly cloud-fit, often with sovereign cloud options. The control-system layer (DCS, SIS) stays on-prem. Bridging runs through hardened interfaces and an OT DMZ (Purdue level 3.5), so that no enterprise or cloud traffic terminates directly in the control network. The decision memo documents the layer strategy.
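The layer strategy above can be written down as a checkable policy rather than a slide. The following is an added example, not DecisionOS code and not from the original page: a small Python model of zones (each with a Purdue level and an IEC 62443 target security level, SL-T) and directed conduits, with three rules that encode the FAQ's bridging strategy: the SIS zone accepts conduits only from the control zone, enterprise traffic never terminates directly in the control layer, and any conduit that crosses an SL-T boundary must name a mediating control. Zone names, levels, protocols and the conduit list are constructed assumptions for illustration.

```python
"""Zone-and-conduit policy check for an IT/OT boundary (illustrative model)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Zone:
    name: str
    purdue_level: float  # 4 = enterprise IT, 3.5 = OT DMZ, 2 = DCS/control, 1 = SIS
    sl_t: int            # target security level of the zone (IEC 62443 SL-T, 1..4)


@dataclass(frozen=True)
class Conduit:
    src: str
    dst: str
    protocol: str
    controls: tuple = ()  # mediating controls on the conduit, e.g. ("firewall", "jump host")


def check_conduits(zones, conduits):
    """Return a list of (conduit label, finding) for every rule a conduit violates."""
    by_name = {z.name: z for z in zones}
    findings = []
    for c in conduits:
        src, dst = by_name[c.src], by_name[c.dst]
        label = f"{c.src} -> {c.dst} ({c.protocol})"
        # Rule 1: the SIS zone accepts inbound conduits only from the control zone.
        if dst.purdue_level <= 1 and src.purdue_level != 2:
            findings.append((label, "SIS zone accepts conduits only from the control zone"))
        # Rule 2: enterprise/cloud traffic never terminates in the control layer directly;
        # it must be split into two conduits via the OT DMZ, each with its own controls.
        elif src.purdue_level >= 4 and dst.purdue_level <= 2:
            findings.append((label, "direct enterprise-to-control conduit; route via OT DMZ"))
        # Rule 3: a conduit crossing an SL-T boundary must name at least one control.
        if src.sl_t != dst.sl_t and not c.controls:
            findings.append((label, f"crosses SL-T {src.sl_t} -> {dst.sl_t} without a named control"))
    return findings


# Constructed sample plant: assumed zone layout and SL-T values, not from any real site.
ZONES = [
    Zone("Enterprise", 4, 1),
    Zone("OT-DMZ", 3.5, 2),
    Zone("Control", 2, 2),
    Zone("SIS", 1, 3),
]

# Constructed conduit list: the first three are the intended layer strategy,
# the last two are the kind of shortcuts that surface during procurement.
CONDUITS = [
    Conduit("Enterprise", "OT-DMZ", "HTTPS historian replication", ("firewall",)),
    Conduit("OT-DMZ", "Control", "OPC UA", ("firewall", "OPC UA client certificate")),
    Conduit("Control", "SIS", "vendor protocol", ("read-only gateway",)),
    Conduit("Enterprise", "Control", "Modbus/TCP", ()),  # ERP integrator wants direct tag reads
    Conduit("OT-DMZ", "SIS", "SSH", ("jump host",)),     # maintenance access straight to SIS
]


def sample_findings():
    """Run the check over the constructed sample; used by the usage below."""
    return check_conduits(ZONES, CONDUITS)


if __name__ == "__main__":
    for label, finding in sample_findings():
        print(f"{label}: {finding}")
```

Running the block reports three findings: the Enterprise-to-Control Modbus/TCP conduit violates both the DMZ rule and the SL-T control rule, and the OT-DMZ-to-SIS SSH conduit violates the SIS rule even though it has a jump host, because the rule is about which zone may originate the conduit, not about the control on it. Extending the model with further rules (for instance, disallowing write-capable protocols on conduits into higher-SL zones) is straightforward.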