What is NIS2?

Confused about NIS2? Here’s the basics.

What Is The NIS2 Directive?

Introduced in 2020, and recently coming into effect on January 16, 2023, the NIS2 Directive is a continuation and expansion of the previous EU cybersecurity directive, NIS. It was proposed by the European Commission to build upon and rectify the deficiencies of the original NIS directive.

NIS2 aims to enhance the security of network and information systems within the EU by requiring operators of critical infrastructure and essential services to implement appropriate security measures and report any incidents to the relevant authorities.

Compared to NIS, NIS2 expands its EU-wide security requirements and scope of covered organizations and sectors to improve the security of supply chains, simplify reporting obligations, and enforce more stringent measures and sanctions throughout Europe.

What Does NIS2 Stand For?

NIS2 stands for “Network and Information Security Directive”.

NIS2 Becomes Law in 2024

Member States have until October 17, 2024 to transpose the Directive into national law. This means that each organization encompassed by the Directive will be legally obligated to live up to its requirements by Q4 2024.

The Original NIS

The original NIS Directive also aimed to enhance the cybersecurity level of EU member states, however, its implementation faced challenges and resulted in inconsistent efforts across the Union. In light of the rising cyber threats, the EU commission proposed NIS2 as a replacement.

More Affected Sectors

NIS2 expands the number of covered sectors from 7 to a total of 15 to protect more vital areas of society.

Stricter Requirements

Compared to NIS1, NIS2 dramatically increases the requirements for enforcing cybersecurity.

Worse Repercussions

In addition to heavy fines, NIS2 non-compliance can also lead to legal ramifications for management teams.

You Need To Be Fully NIS2 Compliant In:


Time is running out to comply with NIS2 regulations. Starting your compliance journey sooner rather than later is crucial.

A typical NIS2 compliance process, including security assessments, auditing, consulting, and tool implementation, takes approximately 12 months.

For practical advice on how to comply with the requirements, check out our NIS2 white paper.

NIS2 White Paper

Got questions?