Who Does NIS2 Apply To?

Understand which sectors and organizations are affected by NIS2

Organizations Affected By NIS2

NIS2 affects all entities that provide essential or important services to the European economy and society, including companies and suppliers. We highly recommend you to carefully assess the following categories to determine if NIS2 is applicable to your organization.

organizations affected by NIS2

NIS2 Entity Categories

If your organization falls under any of the categories below, NIS2 is applicable to you. If this is the case, we suggest that you inform yourself on the sector-specific cybersecurity challenges via the links below, as well as the general NIS2 requirements.

Essential Entities (EE)

Size threshold: varies by sector, but generally 250 employees, annual turnover of € 50 million or balance sheet of € 43 million


Energy

Transport

Finance

Public Administration

Health

Space

Water supply (drinking & wastewater)

Digital Infrastructure

e.g. cloud computing service providers and ICT management

Important Entities (IE)

Size threshold: varies by sector, but generally 50 employees, annual turnover of € 10 million or balance sheet of € 10 million


Postal Services

Waste Management

Chemicals

Research

Foods

Manufactoring

e.g. medical devices and other equipment

Digital Providers

e.g. social networks, search engines, online marketplaces

Plus all sectors under “essential entities” and within the size threshold for “important entities”

Note:
An entity may still be considered “essential” or “important” even if it does not meet the size criteria, in specific cases such as when it is the sole provider of a critical service for societal or economic activity in a Member State.

You Need To Be Fully NIS2 Compliant In:

00Days
00Hours
00Minutes

Time is running out to comply with NIS2 regulations. Starting your compliance journey sooner rather than later is crucial.

A typical NIS2 compliance process, including security assessments, auditing, consulting, and tool implementation, takes approximately 12 months.

For practical advice on how to comply with the requirements, check out our NIS2 white paper.

NIS2 White Paper