NIS 2 Sectors Covered: Complete Guide to the 18 Sectors

Key Takeaways

Point	Summary
18 total sectors	11 highly critical (Annex I) + 7 other critical (Annex II)
Major expansion	NIS 1 covered roughly 7 sectors; NIS 2 covers 18
New sectors	Manufacturing, food, chemicals, waste management, postal, digital providers, space, public administration
~160,000 entities	Estimated number of entities across the EU in scope
Size-based	Generally applies to medium (50+) and large (250+) enterprises in these sectors

Quick Answer: NIS 2 covers 18 sectors divided into highly critical (essential entities) and other critical (important entities). The expansion from the original NIS Directive adds sectors like manufacturing, food production, chemicals, waste management, and digital providers, bringing an estimated 160,000 entities into scope across the EU.

Annex I: Highly Critical Sectors (Essential Entities)

1. Energy

Sub-sector	Entities Covered
Electricity	Electricity undertakings, distribution system operators, transmission system operators, producers, nominated electricity market operators, market participants, operators of recharging points
District heating and cooling	District heating or district cooling operators
Oil	Operators of oil transmission pipelines, operators of oil production, refining and treatment facilities, central oil stockholding entities
Gas	Supply undertakings, distribution system operators, transmission system operators, storage system operators, LNG system operators, natural gas undertakings, operators of natural gas refining and treatment facilities
Hydrogen	Operators of hydrogen production, storage, and transmission

2. Transport

Sub-sector	Entities Covered
Air	Air carriers, airport managing bodies, traffic management control operators
Rail	Infrastructure managers, railway undertakings
Water	Inland, sea, and coastal passenger and freight water transport companies, managing bodies of ports, operators of vessel traffic services
Road	Road authorities responsible for traffic management control, operators of intelligent transport systems

3. Banking

Sub-sector	Entities Covered
Credit institutions	Credit institutions as defined by the Capital Requirements Regulation

4. Financial Market Infrastructure

Sub-sector	Entities Covered
Trading venues	Operators of trading venues
Central counterparties	Central counterparties (CCPs)

5. Health

Sub-sector	Entities Covered
Healthcare providers	Healthcare providers as defined in the Cross-border Healthcare Directive
EU reference laboratories	EU reference laboratories
R&D and manufacturing	Entities carrying out research and development of medicinal products, entities manufacturing basic pharmaceutical products and preparations
Medical devices	Entities manufacturing medical devices considered critical during a public health emergency

6. Drinking Water

Sub-sector	Entities Covered
Water supply	Suppliers and distributors of water intended for human consumption, excluding distributors for whom water distribution is a non-essential part of distributing other commodities

7. Wastewater

Sub-sector	Entities Covered
Wastewater management	Undertakings collecting, disposing of, or treating urban wastewater, domestic wastewater, or industrial wastewater

8. Digital Infrastructure

Sub-sector	Entities Covered
Internet Exchange Points	IXP providers
DNS services	DNS service providers (excluding root name server operators)
TLD registries	TLD name registries
Cloud computing	Cloud computing service providers
Data centres	Data centre service providers
Content delivery	Content delivery network (CDN) providers
Trust services	Trust service providers (qualified and non-qualified)
Telecommunications	Providers of public electronic communications networks or publicly available electronic communications services

9. ICT Service Management (B2B)

Sub-sector	Entities Covered
Managed service providers	Managed service providers (MSPs)
Managed security service providers	Managed security service providers (MSSPs)

10. Public Administration

Sub-sector	Entities Covered
Central government	Public administration entities of central governments as defined by member states
Exclusions	Judiciary, parliaments, and central banks are excluded

Note: Member states may also include regional-level public administration entities.

11. Space

Sub-sector	Entities Covered
Ground infrastructure	Operators of ground-based infrastructure owned, managed, and operated by member states or private parties that support the provision of space-based services

Annex II: Other Critical Sectors (Important Entities)

12. Postal and Courier Services

Sub-sector	Entities Covered
Postal providers	Providers of postal services, including providers of courier services

13. Waste Management

Sub-sector	Entities Covered
Waste operators	Undertakings carrying out waste management, excluding undertakings for whom waste management is not their main economic activity

14. Manufacture, Production, and Distribution of Chemicals

Sub-sector	Entities Covered
Chemical companies	Undertakings carrying out the manufacture of substances and the distribution of substances or mixtures, and undertakings carrying out the production of articles from substances or mixtures

15. Production, Processing, and Distribution of Food

Sub-sector	Entities Covered
Food businesses	Food businesses engaged in wholesale distribution, industrial production, or processing

16. Manufacturing

Sub-sector	Entities Covered
Medical devices	Entities manufacturing medical devices and in vitro diagnostic medical devices
Computer and electronics	Entities manufacturing computer, electronic, and optical products
Electrical equipment	Entities manufacturing electrical equipment
Machinery	Entities manufacturing machinery and equipment n.e.c.
Motor vehicles	Entities manufacturing motor vehicles, trailers, and semi-trailers
Other transport	Entities manufacturing other transport equipment

17. Digital Providers

Sub-sector	Entities Covered
Online marketplaces	Providers of online marketplace platforms
Search engines	Providers of online search engines
Social networks	Providers of social networking service platforms

18. Research

Sub-sector	Entities Covered
Research organizations	Research organizations whose primary goal is to carry out applied research or experimental development with a view to exploiting the results for commercial purposes

Comparison with NIS 1

Sector	NIS 1	NIS 2
Energy	Yes	Yes (expanded)
Transport	Yes	Yes (expanded)
Banking	Yes	Yes
Financial markets	Yes	Yes
Health	Yes	Yes (expanded)
Drinking water	Yes	Yes
Digital infrastructure	Yes	Yes (expanded significantly)
Wastewater	No	New
Space	No	New
Public administration	No	New
ICT service management	No	New
Postal/Courier	No	New
Waste management	No	New
Chemicals	No	New
Food	No	New
Manufacturing	No	New
Digital providers	Partially	Expanded
Research	No	New

Common Questions

How do I know which sector my organization belongs to?

Review the detailed definitions in Annexes I and II of the NIS 2 Directive. Organizations should consider all their business activities, not just their primary business. An organization may fall under multiple sectors, and in such cases, the requirements apply to all in-scope activities. If you are uncertain, your national competent authority or a compliance advisor like Bastion can help determine your classification.

What if my sector is not listed?

If your organization does not operate in any of the 18 listed sectors, NIS 2 does not directly apply to you. However, you may still be affected indirectly through supply chain requirements if your customers are NIS 2 entities. Member states may also expand the scope beyond the directive's minimum.

Can member states add more sectors?

Yes. NIS 2 sets minimum scope requirements, and member states can extend coverage to additional sectors or lower size thresholds when transposing the directive into national law. Check your national transposition for any scope extensions.