NIS2
NIS2 (Network and Information Security Directive 2) is an EU directive establishing cybersecurity requirements for essential and important entities with personal management liability and mandatory incident reporting.
What is NIS2?
NIS2 Definition
NIS2 (Network and Information Security Directive 2) is a European Union directive adopted in January 2023 that modernizes the EU cybersecurity legal framework. NIS2 replaced the original NIS Directive from 2016, significantly expanding the scope of entities covered and introducing stricter requirements.
Who does NIS2 apply to?
Essential entities:
- Energy (electricity, oil, gas)
- Transport (air, rail, water, road)
- Banking and financial infrastructure
- Healthcare
- Water supply
- Digital infrastructure (DNS service providers, IXPs, TLD name registries)
- Public administration
Important entities:
- Postal and courier services
- Waste management
- Chemical production
- Food industry
- Manufacturing (medical devices, electronics)
- Digital services (marketplaces, search engines)
Key NIS2 requirements
Risk management:
- Risk analysis and security policy
- Incident management
- Business continuity
- Supply chain security
- Cryptography and encryption
Incident reporting:
- Early warning within 24 hours of becoming aware of a significant incident
- Incident notification within 72 hours
- Final report within one month
Management liability:
- Personal liability of management bodies for non-compliance
- Mandatory cybersecurity training for managers
- Obligation to approve and oversee risk-management measures
NIS2 penalties
- Essential entities: Up to €10M or 2% of global turnover
- Important entities: Up to €7M or 1.4% of turnover
- Managers can be barred from exercising management functions
NIS2 implementation timeline
- January 2023: Directive enters into force
- October 2024: Deadline for transposition into national law
- 2025: Full application
NIS2 vs NIS1
| Aspect | NIS1 | NIS2 |
|---|---|---|
| Scope | OES and DSP | Essential and important entities |
| Sectors | 7 sectors | 18 sectors |
| Penalties | Undefined | Up to €10M |
| Management liability | None | Personal liability |
| Supply chain | No requirements | Mandatory |
Related Terms
- DORA - regulation for financial sector
- GDPR - personal data protection
- ISO 27001 - information security management standard
- SOC - Security Operations Center
Explore Our Services
Need NIS2 compliance support? Check out:
- NIS2 Compliance - comprehensive implementation support
- SOC 24/7 - monitoring required by NIS2
- Security Audits - NIS2 gap analysis
NIS2 is a foundational piece of EU cybersecurity legislation, affecting thousands of organizations across a wide range of sectors.