Who Does NIS2 Apply To?
Understand which sectors and organizations are affected by NIS2
Organizations Affected By NIS2
NIS2 affects all entities that provide essential or important services to the European economy and society, including companies and suppliers. We highly recommend you to carefully assess the following categories to determine if NIS2 is applicable to your organization.
NIS2 Entity Categories
If your organization falls under any of the categories below, NIS2 is applicable to you. If this is the case, we suggest that you inform yourself on the sector-specific cybersecurity challenges via the links below, as well as the general NIS2 requirements.
Essential Entities (EE)
Size threshold: varies by sector, but generally 250 employees, annual turnover of € 50 million or balance sheet of € 43 million
Energy
Transport
Finance
Public Administration
Health
Space
Water supply (drinking & wastewater)
Digital Infrastructure
e.g. cloud computing service providers and ICT management
Important Entities (IE)
Size threshold: varies by sector, but generally 50 employees, annual turnover of € 10 million or balance sheet of € 10 million
Postal Services
Waste Management
Chemicals
Research
Foods
Manufactoring
e.g. medical devices and other equipment
Digital Providers
e.g. social networks, search engines, online marketplaces
Plus all sectors under “essential entities” and within the size threshold for “important entities”
Note:
An entity may still be considered “essential” or “important” even if it does not meet the size criteria, in specific cases such as when it is the sole provider of a critical service for societal or economic activity in a Member State.
Do You Want To Know More?
Get NIS2 Complaint (Whitepaper):
Time is running out to comply with NIS2 regulations. Starting your compliance journey sooner rather than later is crucial.
A typical NIS2 compliance process, including security assessments, auditing, consulting, and tool implementation, takes approximately 12 months.
For practical advice on how to comply with the requirements, check out our NIS2 white paper.
