NIS2

Network and Information Security Directive

The EU's updated cybersecurity directive. Mandatory requirements for essential and important entities across critical sectors.

What is NIS2?

NIS2 (Directive 2022/2555) is the EU's updated directive on cybersecurity. It replaces the original NIS Directive with broader scope and stricter requirements.

The directive establishes cybersecurity risk management and incident reporting obligations for organizations in critical sectors. It introduces significant penalties for non-compliance.

Member states must transpose NIS2 into national law. Organizations should prepare now to meet requirements by the implementation deadline.

Sectors covered

  • Energy (electricity, oil, gas, hydrogen)
  • Transport (air, rail, water, road)
  • Banking and financial market infrastructure
  • Health sector
  • Drinking water and wastewater
  • Digital infrastructure
  • ICT service management (B2B)
  • Public administration
  • Space sector
  • Postal and courier services

+ more sectors and sub-sectors

Key requirements

NIS2 mandates specific cybersecurity measures and incident reporting procedures for in-scope entities.

  • Cybersecurity risk management
  • Incident handling procedures
  • Business continuity planning
  • Supply chain security
  • Network and systems security
  • Vulnerability management
  • Cybersecurity hygiene practices
  • Cryptography and encryption
  • Human resources security
  • Access control policies
  • Asset management
  • Multi-factor authentication

Prepare for NIS2

Run the unified assessment and get FCI, WMI, and ECI scores plus a severity-ranked gap register — on NIS2 and six other frameworks at once.