NIS2 Directive

Security & Compliance beginner

The NIS2 Directive is an EU directive that sets minimum cybersecurity requirements for organizations in critical and important sectors, significantly expanding the scope of its predecessor.

Summary

The NIS2 Directive (Network and Information Security Directive 2, Directive (EU) 2022/2555) is an EU directive that mandates minimum cybersecurity requirements across critical and important sectors, bringing significantly more organizations into scope than the original NIS Directive (NIS1).

What is the NIS2 Directive?

NIS2 is the revised EU directive on network and information security. It entered into force on 16 January 2023, and EU member states had until 17 October 2024 to transpose it into national law; as a directive, it binds organizations through that national legislation rather than directly. NIS2 substantially expands the circle of affected organizations and tightens requirements for risk management, incident reporting, and governance.

Medium and large organizations, meaning those with 50 or more employees or with annual turnover and balance sheet total above €10 million, are in scope if they operate in one of the 18 sectors listed in the directive's annexes. These sectors include energy, transport, healthcare, digital infrastructure, and ICT service management. A few entity types, such as DNS service providers and top-level domain name registries, are in scope regardless of their size. In-scope organizations are classified as either essential or important entities, which determines the level of supervision and penalties they face.

Key obligations include a staged incident reporting process (an early warning within 24 hours of becoming aware of a significant incident, a full notification within 72 hours, and a final report within one month), supply chain security assessments, and governance duties for management bodies, which must approve and oversee the cybersecurity risk management measures and can be held liable for non-compliance.

Why is the NIS2 Directive relevant?

  • Expanded scope: Far more organizations are covered compared to NIS1, and most are identified by sector and size rather than by individual designation
  • Management liability: Management bodies must approve and oversee risk management measures and can be held liable for infringements
  • Incident reporting: Significant incidents must be reported in stages, starting with an early warning within 24 hours
  • Supply chain security: Organizations must assess the security of their supply chains, including the practices of their direct suppliers and service providers
  • Penalties: Fines of at least €10 million or 2% of global annual turnover, whichever is higher, for essential entities, and at least €7 million or 1.4% for important entities
