Which companies are affected by NIS-2?

The NIS 2 Directive affects more companies than ever before - and not just operators of “critical infrastructure”. Instead, it is aimed at two main categories:

"Important Entities"

• Companies with at least 50 employees or an annual turnover of more than €10 million and
• active in relevant sectors, e.g.: manufacture of critical products (e.g. medical technology, chemicals), postal and courier services, waste management, food production and distribution, digital services (e.g. cloud, online marketplaces, data centers)

"Essential Entities"

• Companies from particularly sensitive sectors, e.g.: Energy (electricity, gas, oil), healthcare (e.g. hospitals), water supply, finance and insurance, digital infrastructure (e.g. internet nodes, DNS providers), public administration

What is the NIS-2 Directive?

The NIS 2 Directive is an EU-wide regulation aimed at improving cybersecurity in companies and organizations. Its goal is to strengthen the digital resilience of critical infrastructures and important economic sectors, such as energy, transportation, healthcare, digital services, and public administration. Affected companies will have to implement stricter security measures, report incidents, and meet higher requirements for their IT and supply chain security. NIS 2 affects significantly more companies than before.

Now is the right time to prepare.