NIS2 Directive: Who Is Affected and How to Comply
The NIS2 directive extends cybersecurity obligations to thousands of entities. Find out if you are affected and the steps to compliance.

The European NIS2 directive substantially widens cybersecurity obligations. Where NIS1 covered a few hundred operators, NIS2 reaches thousands of "essential" and "important" entities across 18 sectors.
What is the NIS2 directive?
NIS2 imposes a baseline: risk management, supply-chain security, incident notification within 24 hours, and direct accountability of senior management. Non-compliance carries significant penalties.
Is my organisation affected by NIS2?
It targets entities above a size threshold in sectors such as energy, health, transport, digital, water and public administration. Securing data and choosing controlled hosting — even a sovereign cloud — is a natural response, consistent with GDPR and SecNumCloud.
Take the 2-minute assessment — check whether NIS2 applies to you and your compliance gaps. Request a consultation
Frequently asked questions
What is the NIS2 directive?
An EU directive strengthening cybersecurity obligations (risk management, 24h incident notification, management accountability) for thousands of entities.
Is my organisation affected by NIS2?
Likely, if you operate in one of the 18 targeted sectors above a size threshold — an assessment confirms it.