What is the NIS2?
NIS2 is the EU's Network and Information Security Directive 2, an updated cybersecurity regulation aimed at strengthening resilience across critical sectors. It expands on the original NIS Directive by broadening its scope and imposing stricter requirements on organizations.
The NIS2 directive classifies over 160,000 organisations across the EU as either "essential" (e.g. energy, health, banking) or "important" (e.g. digital providers, research), with stricter obligations for essential entities.
All affected organisations must implement cybersecurity policies, manage assets, train staff, report incidents rapidly, and assess supply chain and crisis risks.
Non-compliance may result in fines up to €10 million or 2% of global turnover, with potential personal liability for executives.
