Join us in solving the NIS2 mystery—protecting your digital world, one threat at a time.
NIS2 Directive
NIS2 Directive Overview
The NIS2 Directive is an EU law aimed at improving cybersecurity in important sectors like energy, healthcare, and transport. It requires companies that provide essential services and digital services to strengthen their security and be better prepared for cyberattacks. This helps protect critical systems and sensitive information across the EU, with penalties for non-compliance to ensure better security for everyone.
The NIS2 Directive strengthens EU cybersecurity with key measures:
- Member State Preparedness: Establishes CSIRTs and NIS authorities for incident response and oversight.
- Enhanced Cooperation: Sets up a Cooperation Group for strategic collaboration and information sharing.
- Sector Security: Focuses on critical sectors (e.g., energy, finance, healthcare) to implement robust security protocols.
- Regulatory Oversight: Authorities can enforce compliance and impose penalties on non-compliant operators.
- Service Provider Obligations: OES and DSPs must manage risks, secure systems, and report incidents promptly.
- Global Scope: Applies to EU and non-EU businesses offering essential services within the EU.
Impact: Companies may need to boost cybersecurity efforts, develop incident response plans, and enhance compliance policies.
Is Your Business Within the Scope of NIS2 Compliance?
Operators of Essential Services (OES)
Annex I lists Operators of Essential Services (OES), both public and private, delivering crucial services in key sectors. While entities classified as OES may differ across member states, they must meet the criteria set in Annex II. Examples include electricity providers, transport companies, and healthcare services.
Annex I | Sub-Sectors |
---|---|
Energy | Electricity, District heating & cooling, Oil, Gas |
Transport | Air, Rail, Water, Road |
Water | Drink & waste |
Space | Infrastructure, Services |
ICT | MSP, MSSP |
Health | Pharma, Manufacturing, Laboratories, Services |
Digital Service Providers (DSPs)
Annex II outlines the criteria for identifying Digital Service Providers (DSPs) under the NIS2 Directive. DSPs include online services like search engines, cloud computing, and marketplaces. Only those exceeding specific thresholds in users, turnover, or market share are subject to the directive.
Annex II | Sub-Sectors |
---|---|
Waste Mgmt | All |
Food | Production, Processing, Distribution |
Postal/Courier | All |
Manufacturing | Chemicals, Medical Dev., Computer electronics, Optical products, Electrical equipment, Machinery, Motor Vehicles, Trailers, Transport equipment |