Your easy guide to NIS2

The NIS2 Resource Centre.

As a leading EU cybersecurity company, we've curated a hub with all the info you need and we're updating it regularly. Worried about NIS2? Don't be! Compliance is simpler than you think, and it pays off to start now.

Bookmark this page to stay up-to-date. We are continuously refining this page as NIS2 regulations become clearer.

What to do now? 

Three steps you can take today

First of all, you need to know if NIS2 applies to you. NIS2 expands the scope of the original NIS directive to include many more businesses. Generally, it applies to all public and private sector entities that provide critical services or infrastructure and/or qualify as medium-sized or large enterprises operating in the EU.

Compliance is easier with a plan

Once registered, the clock starts ticking - the deadline is to be confirmed. But you won’t want to wait. Compliance involves measures that can take time to implement. 

If this sounds frightening, keep in mind that key obligations under NIS2 are basic security measures you’ve probably already considered and may even have in place. These include measures like risk assessments and plans for incident response and reporting.

The best approach is to stay informed, have a plan, and stay on top of your progress. Remember, improving your cybersecurity isn’t just about meeting regulations – it's about common sense measures that will protect you, your customers, and your business.

NIS2 Essential Resources.

Implementing NIS2 in the Netherlands - Live Q&A with Industry Experts.

📅 19 June 15:00-15:30.

Language: Dutch 

The NIS2 Directive brings a new era of cybersecurity vigilance in Europe. Are you ready to embrace compliance as a competitive advantage?

Bart Groothuis, Mikael Engels and Lodi Hensen discuss cybersecurity in Europe, what it's like for companies to adapt to new laws and regulations and what the future of cybersecurity will look like. 

Register for this exclusive webinar and let seasoned cyber experts take you into the world of cybersecurity.

Leadership and liability under NIS2

One crucial aspect to be aware of is the potential for personal liability. Registered company directors and board members can be held personally liable for breaches of duty if they don’t take the steps required by NIS2 now.

Essential entities (critical public and government services) can face fines of up to €10 million or 2% of the business's global annual revenue. For non-essential businesses, the consequences are almost as severe – €7 million or 1.4% of total turnover.

As well as technical compliance, you should ensure that everyone on your team is informed about their responsibilities.

What NIS2 industry experts have to say.

Don’t just take our word for it – hear what experts across industries are saying about the importance of NIS2 and other cyber laws.

“NIS2-Directive is a must as it is a new EU law to be effective in 2024. However, a lot of people think it is a technical issue and run at the technical side of it. In my opinion it is the strategical and tactical side of it to be implemented and from that perspective translate what needs to be done in operations. To achieve this there must be policy, procedures and processes to be understood, agreed upon and implemented first then to be implemented within operations and technicality.”
Mohamad Adib Baroud
Expert NIS2 Directive

“Ultimately, the new rules are meant to make organisations more resilient and we will have to comply with them anyway. So avoid rushing that. It's likely to be more expensive. Instead, make use of the extra time you have now. I prefer to approach it positively. NIS2 helps make your business safer and healthier. It can also take you to a higher level of knowledge. And it is certainly not a stick to beat with. On the contrary, it is an effective tool. Think of it as tailwind instead of headwind.”
Simone Pelkmans
Partner Digital Regulations

“In order for the legislation to be effective, Europe is in need of a highly skilled workforce to exercise the tasks designated by the NIS2. Independent security audits, risk assessment, cybersecurity architecture design and implementation, and incident management and reporting need to be carried out by certified professionals.”
Chris Dimitriadis
Chief Global Strategy Officer, ISACA

“Remaining proactive in enhancing cyber security is vital to maintaining competitiveness. This is not only about complying with laws and regulations, but about ensuring that your business is cyber resilient and able to deal with the ongoing cyber threat landscape and risks.”
Auke Huistra
Managing Director, Applied Risk

NIS2 Frequently Asked Questions.

Everything you need to know about NIS2.

What is the NIS2 Directive?
The NIS2 Directive is a regulatory framework established by the European Union to enhance the cybersecurity and resilience of critical infrastructure and digital services. It updates and expands the original NIS Directive, aiming to improve coordination and cooperation across member states to better protect against cyber threats.

Who does NIS2 apply to and which sectors are affected?
NIS2 applies to a broad range of entities, including operators of essential services (OES) like energy, transport, and health sectors, as well as digital service providers (DSPs) such as online marketplaces, search engines, and cloud computing services. It covers both public and private sectors that provide critical infrastructure or services.

What does NIS2 stand for?
NIS2 stands for the "Network and Information Systems Directive 2." It is the second iteration of the EU's directive aimed at strengthening cybersecurity across member states.

When does NIS2 come into effect?
The NIS2 Directive came into effect on January 16, 2023. Member states are required to transpose the directive into their national laws by October 17, 2024, after which it will be fully enforceable.

How do I prepare for NIS2?

To prepare for NIS2, organisations should:

  1. Conduct a thorough risk assessment and gap analysis.
  2. Implement robust cybersecurity measures and incident response plans.
  3. Ensure continuous monitoring and vulnerability management.
  4. Provide training and awareness programs for staff.
  5. Collaborate with national and EU cybersecurity authorities.

Get a free consultation with our cyber security experts to see how we can help.

What is the difference between NIS1 and NIS2?

The main differences between NIS1 and NIS2 include:

  1. Broader scope: NIS2 includes more sectors and types of services.
  2. Higher security requirements: NIS2 mandates stricter cybersecurity measures.
  3. Enhanced enforcement: NIS2 introduces tougher penalties and improved cooperation mechanisms among member states.
  4. Incident reporting: NIS2 requires more detailed and timely reporting of cybersecurity incidents.

Is vulnerability management required for compliance with NIS2?
Yes, vulnerability management is a crucial requirement for compliance with NIS2. Organisations must implement processes to identify, assess, and mitigate vulnerabilities in their network and information systems to prevent and respond to cybersecurity incidents effectively.

Does ISO 27001 cover NIS2?
ISO 27001 can support NIS2 compliance as it provides a robust framework for an information security management system (ISMS). While ISO 27001 alone may not cover all NIS2 requirements, aligning with its standards can help organisations meet many of the directive’s cybersecurity obligations.

Get ahead of NIS2 and protect your business

Secure your future from threats with 24/7 cyber protection.

  • 24/7 Managed XDR across all endpoints AND cloud
  • Your own SOC & full incident response team at no extra charge
  • 2h avg. plug & play integration with your tech stack
  • Affordable enterprise-grade protection 
  • Data hosting exclusively in the EU