
NIS2 Directive: Complete Compliance Guide
Everything you need to know about the NIS2 directive and how to make your organization compliant
What is the NIS2 directive?
The NIS2 directive (Network and Information Security Directive 2) is European cybersecurity legislation designed to strengthen the digital resilience of organizations in critical sectors. The directive replaces the original NIS directive from 2016 and sets stricter requirements for risk management, incident reporting, and supervision.
Organizations falling under the directive must comply with the requirements by October 2024, with enforcement starting in 2025. Non-compliance can lead to significant fines and director liability.
NIS2 Timeline
Directive Adopted
EU officially adopts NIS2 directive
Implementation Deadline
Member states must transpose NIS2 into national law
Enforcement Begins
Active monitoring and potential sanctions for non-compliance
Which organizations must comply with NIS2?
NIS2 applies to essential and important entities in the following sectors
Energy
Transport
Banking
Healthcare
Drinking Water
Digital Infrastructure
Public Administration
Space
Criteria: >50 employees OR >€10M revenue. Some organizations fall under NIS2 regardless of size.
The 8 Core Requirements of NIS2
These measures are mandatory for all organizations covered by NIS2
Risk Management
Implement a systematic approach to identifying, analyzing, and addressing cybersecurity risks
Incident Reporting
Report significant incidents to the competent authority within 24 hours, followed by a full report within 72 hours
Supply Chain Security
Assess and manage the cybersecurity risks of suppliers and service providers
Encryption & Cryptography
Implement adequate encryption for data at rest and data in transit
Access Control
Implement strict access management based on least privilege and need-to-know principles
Business Continuity
Ensure adequate backup, disaster recovery, and crisis management procedures
Security Awareness
Regularly train employees in cybersecurity awareness and best practices
Testing & Audits
Conduct regular security assessments, penetration tests, and audits
Penalties for Non-Compliance
NIS2 introduces significant fines for organizations that fail to comply
Essential Entities
Up to €10 million or 2% of global annual revenue
Important Entities
Up to €7 million or 1.4% of global annual revenue
Additionally, directors can be held personally liable for non-compliance with the directive.
How uComply Helps with NIS2 Compliance
From gap analysis to certification: we guide you through the entire NIS2 compliance journey
NIS2 Gap Analysis
Identify where your organization stands against NIS2 requirements with our comprehensive gap analysis tool
AI Compliance Consultant
Our AI Consultant answers all your NIS2 questions and guides you step by step through implementation
Certification Guidance
Achieve the NIS2 Quality Mark with guidance from our certified auditors and consultants

The NIS2 Quality Mark
uComply is affiliated with the official NIS2 Quality Mark program. This quality mark demonstrates that your organization complies with the NIS2 directive and takes cybersecurity seriously.
- Official recognition of NIS2 compliance
- Increased trust from customers and partners
- Demonstrable compliance for regulators
Frequently Asked Questions about NIS2
When must my organization be NIS2 compliant?
The implementation deadline for member states was October 2024. Organizations must comply from that moment, with active enforcement starting in 2025.
How do I know if NIS2 applies to my organization?
NIS2 applies to organizations in critical sectors with more than 50 employees or more than €10 million in revenue. Some organizations fall under the directive regardless of size.
What are the consequences of non-compliance?
Fines can reach up to €10 million or 2% of global revenue. Additionally, directors can be held personally liable.
What is the difference between NIS and NIS2?
NIS2 has a broader scope, stricter requirements, shorter reporting deadlines, and higher sanctions than the original NIS directive.
Start Your NIS2 Compliance Journey Today
Discover how uComply can help you quickly and effectively comply with the NIS2 directive. Schedule a free demo or download our NIS2 checklist.