Risk-management measures
A baseline set of technical and organisational measures every entity must implement.
The EU's raised bar for cyber resilience.
NIS2 significantly expands the EU's cybersecurity rules, covering more sectors and imposing stronger risk-management, incident-reporting and governance obligations — with direct accountability for management bodies and meaningful penalties for non-compliance.
The standard
NIS2 — EU Directive 2022/2555 on network & information security
Who needs it
Essential and important entities across expanded sectors operating in the EU — energy, transport, health, digital infrastructure, manufacturing, and many providers of digital services.
24h
Incident early-warning window
A baseline set of technical and organisational measures every entity must implement.
Early warning within 24h and staged reporting to national authorities.
Leadership is responsible for — and must be trained on — cyber-risk oversight.
Address risks arising from suppliers and service providers.
See exactly how Compliance One maps NIS2 to your environment in a 30-minute walkthrough.