The NIS2 Directive Explained

Prepare your organization for NIS2 compliance with a comprehensive overview of the NIS2 Directive.

NIS2: Europe’s Most Extensive Cybersecurity Directive To Date

The NIS2 directive is the most comprehensive European cybersecurity directive yet.

With stricter requirements for risk management and incident reporting, wider coverage of sectors, and more hard-hitting penalties for non-compliance, hundreds of thousands of EU organizations will need to reassess their cybersecurity posture.


Estimated companies affected by NIS2


Maximum fine for NIS2 non-compliance


Number of sectors covered by NIS2 Directive

Sectors Affected By The NIS2 Directive

The NIS2 directive expands coverage from the original 7 sectors under the NIS directive, adding 8 more for a total of 15 sectors. To access sector-specific NIS2 information, simply click on one of the sectors listed below.

What Do You Want To Know?

“We must bolster the collective resilience of the critical systems underpinning our way of life.”

Michael Šimečka
Member of the European Parliament


“This European directive is going to help around 160,000 entities tighten their grip on security.”

Bart Groothuis
Member of the European Parliament


White Paper By Uniqkey

Speed Up Your NIS2 Research With This Actionable 14-page White Paper

Busy doing research? Download this 14-page NIS2 white paper created by Uniqkey to get a concise breakdown of NIS2 and learn how improving your access security can lead you to compliance.

Who are Uniqkey?

Frequently Asked Questions about NIS2

The NIS2 Directive is a piece of European Union legislation that imposes stricter cybersecurity obligations on entities operating in various critical infrastructure sectors, as well as important sectors. It will cover all large and medium-sized companies in these sectors and will tighten rules on risk management, incident reporting, information sharing, and more.

The DORA, on the other hand, is a digital operational resilience framework aimed at financial institutions, such as banks and payment providers. It aims to ensure that these institutions are able to protect against, respond to, and recover from different ICT-related attacks and threats.

In short the NIS2 Directive is focused on a wider range of entities operating in critical infrastructure, while DORA is focused specifically on financial institutions.

NIS2 is for European cybersecurity what GDPR was for European data protection.

Where GDPR strengthened the requirements for how EU member states manage personal data, the aim of NIS2 is to ensure that all European companies and organizations that operate within critical infrastructure maintain an adequate level of cybersecurity.

Still have questions?