All frameworks
NISDirective 2022/2555

NIS2 compliance

The EU's raised bar for cyber resilience.

NIS2 significantly expands the EU's cybersecurity rules, covering more sectors and imposing stronger risk-management, incident-reporting and governance obligations — with direct accountability for management bodies and meaningful penalties for non-compliance.

See how it works

The standard

NIS2 — EU Directive 2022/2555 on network & information security

Who needs it

Essential and important entities across expanded sectors operating in the EU — energy, transport, health, digital infrastructure, manufacturing, and many providers of digital services.

24h

Incident early-warning window

What it covers

Risk-management measures

A baseline set of technical and organisational measures every entity must implement.

Incident reporting

Early warning within 24h and staged reporting to national authorities.

Management accountability

Leadership is responsible for — and must be trained on — cyber-risk oversight.

Supply-chain security

Address risks arising from suppliers and service providers.

How Compliance One helps

  • Maps NIS2's risk-management measures to an implementable, evidenced control set.
  • Provides incident workflows aligned to the 24-hour early-warning obligation.
  • Keeps management-level reporting and evidence ready for supervisory scrutiny.
  • EU data-region storage so evidence can stay within the Union.
One control set, many frameworks. Evidence you collect for NIS2 is automatically reused across the other standards you run — do the work once, prove it everywhere.

Ready to tackle NIS2?

See exactly how Compliance One maps NIS2 to your environment in a 30-minute walkthrough.