NIS 2 directive is now applicable: What businesses need to know

Operational Compliance | August 20, 2025

The NIS 2 Directive has officially come into effect, significantly expanding cybersecurity requirements across the European Union. Businesses that fall under its scope must now comply with stricter security measures, enhanced incident reporting obligations, and increased regulatory scrutiny.

What is the NIS 2 directive?

The Network and Information Security 2 (NIS 2) Directive is the updated version of the original NIS Directive, introduced in 2016 to improve the cybersecurity posture of essential services and digital infrastructure providers across the EU. NIS 2 expands its coverage to a broader range of sectors and introduces stricter compliance measures.

Who needs to comply?

The scope of NIS 2 includes businesses across two key categories:

  1. Essential Entities – Includes providers of critical infrastructure such as energy, transport, banking, health, public administration, and digital services.
  2. Important Entities – Covers industries such as postal services, waste management, food production, chemicals, and more.

Companies operating in these sectors, regardless of their size, must adhere to NIS 2 if they provide services within the EU.

Key compliance requirements

Businesses falling under the NIS 2 Directive must meet several strict cybersecurity and risk management obligations, including:

  • Stronger Cybersecurity Measures – Companies must implement risk management protocols, including supply chain security, access control, and encryption.
  • Incident Reporting – Cyber incidents must be reported within 24 hours of detection, followed by a full assessment within 72 hours.
  • Board-Level Accountability – Executives and boards must oversee compliance and can face personal liability for negligence.
  • Fines for Non-Compliance – Entities that fail to comply may face fines up to €10 million or 2% of global turnover, whichever is higher.

What happens next?

EU Member States must now transpose NIS 2 into national law, meaning enforcement will begin at the national level. Businesses operating in the EU should take immediate steps to assess their cybersecurity posture, review reporting obligations, and align with the new requirements.

How EU Presence can help

At EU Presence, we assist businesses outside the EU with regulatory compliance, including NIS 2 Representation. If your company falls under the scope of NIS 2 but lacks an EU legal presence, we act as your official EU Representative, ensuring seamless compliance with local authorities.

Stay ahead of compliance challenges

With cybersecurity regulations tightening across the EU, proactive compliance is crucial. Contact us today to ensure your business remains compliant and avoids costly penalties.
