
NIS 2 Guides

Complete guides to NIS 2 Directive compliance, cybersecurity requirements, incident reporting, and supply chain security for essential and important entities.

Common Questions About NIS 2

Quick answers to the most frequently asked questions about NIS 2 compliance.

NIS 2 (Network and Information Security Directive 2) is an EU directive establishing cybersecurity requirements for essential and important entities across critical sectors. It expands the original NIS Directive's scope and strengthens security obligations.

NIS 2 applies to medium and large organizations (50+ employees or EUR 10M+ revenue) in 18 sectors including energy, transport, banking, health, digital infrastructure, and ICT service management. Member states may also include smaller critical entities.

Essential entities are in highly critical sectors (energy, transport, banking, health, water, digital infrastructure, space) and face stricter supervision. Important entities are in other critical sectors and have more reactive oversight based on evidence of non-compliance.

Essential entities face fines up to EUR 10 million or 2% of global annual turnover. Important entities face fines up to EUR 7 million or 1.4% of turnover. Management can face personal liability, though specific provisions vary by member state implementation.

NIS 2 entered into force on January 16, 2023, and EU member states had until October 17, 2024 to transpose it into national law. Organizations in scope should already be implementing required measures.

ISO 27001 certification helps demonstrate NIS 2 compliance but doesn't guarantee it automatically. NIS 2 has specific requirements for incident reporting and supply chain security that may go beyond standard ISO 27001 scope.

NIS 2 requires an early warning within 24 hours of becoming aware of a significant incident, a full notification within 72 hours, and a final report within one month. For incidents affecting service provision, immediate notification may be required.

NIS 2 applies to non-EU companies if they provide services within the EU in covered sectors. Non-EU entities meeting the criteria must designate an EU representative in one of the member states where they offer services.
