NIS2 Directive

Network and Information Security Directive 2

The NIS2 Directive is EU-wide legislation on cybersecurity that establishes baseline cybersecurity requirements for essential and important entities across member states. It strengthens security requirements and introduces stricter supervisory measures.

Ideal For

Essential Entities
Important Entities
Digital Infrastructure
Public Administration

What is NIS2 Directive?

NIS2 applies to medium and large entities in critical sectors across the EU, classified as either essential entities (energy, transport, banking, healthcare, digital infrastructure) or important entities (postal services, waste management, manufacturing, food production, digital providers). Member states transpose NIS2 into national law.

Key Requirements

Core areas of the NIS2 Directive that organisations must address.

Implement risk analysis and information system security policies
Establish incident handling and reporting procedures
Ensure business continuity and crisis management
Address supply chain security and vendor risk
Implement vulnerability disclosure and handling
Provide cybersecurity awareness training

How GRCTrack Supports the NIS2 Directive

Risk management measures
Incident reporting requirements
Supply chain security assessments
Business continuity planning
Vulnerability handling
Cybersecurity training requirements

EU Compliance

Meet mandatory requirements for EU operations.

Reduced Risk

Comprehensive security measures reduce incidents.

Supply Chain Security

Secure your entire supply chain.

Ready to Simplify NIS2 Directive Compliance?

Join hundreds of organisations using GRCTrack to manage compliance.