Network and Information Security Directive (NIS2)
What is NIS2?
The Network and Information Security Directive 2 (NIS2) is the latest evolution in cybersecurity regulations within the European Union. It builds upon the original NIS Directive of 2016 by expanding its scope, implementing stricter cybersecurity requirements, and introducing more significant penalties for non-compliance.
Why is NIS2 Important?
The original NIS Directive, which focused on only a few areas/industries of major importance, set a strong foundation for cybersecurity, but with the rapidly evolving threat landscape, NIS2 offers a more comprehensive approach. It recognizes the rising number and complexity of cyberattacks that can destabilize entire industries and economies.
Key advancements in NIS2 include:
- Broader Industry Scope: From 7 to 15 sectors, including critical national infrastructure (CNI) and digital services. It can affect medium-sized or, in exceptional cases, even small companies.
- Enhanced Risk Management: Emphasis on advanced risk management, incident reporting, and supply chain security.
- Higher Penalties for Non-Compliance: Entities failing to meet requirements may face significant fines.
Who Does NIS2 Apply To?
NIS2 expands the list of organizations under its jurisdiction, including both Essential Entities and a new category of Important Entities, which must meet stringent cybersecurity requirements.
Essential Entities Include:
- Electricity, oil, and gas companies
- Transportation (air, rail, road)
- Healthcare providers
- Banking and financial markets
- Drinking and water supply services
- Digital infrastructure
- Space
- Food
- Municipal waste
Important Entities Now Covered:
- Waste management organizations
- Manufacturing companies
- IT and security service providers
- Postal and courier services
- Chemical industries
- Food processing companies (wholesale, production, processing)
- Research institutions
- Social networks and digital service providers
Additionally, entities supplying to the EU or supporting organizations covered by the directive may also need to comply.
Benefits of NIS2 Compliance
Complying with NIS2 goes beyond meeting regulatory requirements—it brings significant advantages for organizations. It strengthens cyber resilience by ensuring better preparation and response to potential threats. It also enhances risk management by providing a deeper understanding of risks across the organization, enabling more informed decision-making. Additionally, NIS2 supports proactive incident management, allowing for faster and more effective responses to cybersecurity incidents, ultimately safeguarding critical operations and data.
As a trusted and independent global network of experts, we provide the knowledge and insight needed to navigate NIS2 compliance with confidence. Partnering with DEKRA means gaining from our deep expertise and commitment to supporting your organization's cybersecurity goals.