The NIS2 Directive is redefining cybersecurity requirements, imposing strict demands on risk management, incident reporting, and supplier security. To avoid heavy sanctions and mitigate risks, organizations must act now to strengthen their IT security.
NIS2 (Network and Information Security Directive) is the EU’s new cybersecurity directive aimed at building a more resilient and secure digital infrastructure. The directive imposes stricter requirements on areas such as risk management, incident reporting, supplier security, third-party risks, and regulatory compliance.
The NIS2 Directive focuses on several key areas to strengthen the EU’s cybersecurity:
• Security measures and incident management.
• Incident reporting: significant incidents must be reported to the authorities within 24 hours of the organization becoming aware of them.
• Risk management and business continuity planning.
• Supplier security: organizations must conduct due diligence on suppliers, including contractual security requirements and regular audits.
NIS2: Implementation timeline
The NIS2 Directive entered into force in January 2023. EU member states must transpose it into national law by October 17, 2024. In Sweden, enforcement is expected to begin no earlier than summer 2025.
What happens if you fail to meet the regulations?
Whether or not your organization falls under NIS2, it sets a new standard for cybersecurity. If you don’t align with these expectations, your business becomes increasingly vulnerable compared to others strengthening their security – leading to potential financial, operational, and reputational risks. Non-compliant entities risk fines of up to €10 million or 2% of global annual turnover for essential sectors, and €7 million or 1.4% for other critical sectors.
NIS2 applies to medium and large organizations in specified sectors. Small entities are generally exempt unless they operate in highly critical infrastructure. Examples of such sectors include energy, transport, finance, healthcare, food production, digital infrastructure, and public administration.
In general, companies whose incidents could disrupt or impact essential societal functions are covered. Therefore, NIS2 not only applies to those directly providing essential services, but also to those within the supply chains of the affected sectors.
The tightened regulations mean that more businesses are now included. For example, wind turbine manufacturers and operators of charging stations in the energy sector are now covered, which was not the case under NIS.
To determine if your business is covered by NIS2 and what actions are required, it may be helpful to conduct a thorough review of your services or products in relation to the essential functions you impact.
If you’re unsure whether NIS2 applies to you, consider asking these questions:
• Do we manage critical infrastructure or provide digital services that are important to society at large?
• Could a cyberattack on us affect essential societal functions?
• Are we part of a supply chain that is covered by NIS2?
If your business is covered by NIS2, you must take immediate action to meet the new requirements, including risk assessments and various security measures.
Affected businesses must notify the relevant supervisory authority for their sector. Supervisory oversight both ensures compliance and supports businesses in their efforts to maintain high security standards.
Those who fail to meet the requirements risk significant sanctions. It’s not just about avoiding fines – it’s about protecting your business from cyber threats and future-proofing your digital security.
Hiring experts to help your company get started with NIS2 and ensure compliance with the requirements is a wise investment. We have the knowledge and experience needed to identify and manage risks effectively, minimising both security gaps and potential legal consequences.
A great starting point for understanding NIS2 is to educate yourself. That’s why we’ve created a step-by-step guide that provides an overview of the directive and helps you get started.
Our cybersecurity experts have deep knowledge of regulatory requirements, risk management, and compliance.