NIS2
Definition
NIS2 is the European directive for network and information security that requires organisations in critical sectors to implement robust cybersecurity measures. Board members are personally liable for non-compliance.
NIS2 (Network and Information Security Directive 2) is the successor to the NIS Directive of 2016 and has been in force in EU member states since October 2024. The directive significantly expands the number of mandatory sectors and imposes stricter requirements on risk management, incident reporting and supply chain security.
Organisations above certain thresholds fall under NIS2 if they are active in sectors such as energy, transport, finance, healthcare, digital infrastructure and government services. Board members are held personally liable for serious violations.
NIS2 compliance requires a gap assessment, implementation of security measures, incident response procedures and annual reporting. DEFION offers a NIS2 Readiness Assessment.