NIS2 Directive

The NIS2 Directive is an EU directive to raise cybersecurity. It requires entities in important and essential sectors to implement risk management, reporting obligations and technical security measures.

What is the NIS2 Directive?

The NIS2 Directive is an EU directive (2022/2555) to strengthen cybersecurity and the successor to the first NIS Directive. Its goal is a uniformly higher security level across the EU. The range of affected sectors is significantly expanded compared with its predecessor.

Who is affected by NIS2?

NIS2 covers essential and important entities in sectors such as energy, transport, health, finance, digital infrastructure, public administration and waste management, often above certain company sizes. In Germany, transposition takes place through the NIS2 Implementation Act (NIS2-Umsetzungsgesetz).

What obligations does NIS2 bring?

NIS2 requires appropriate technical and organisational risk-management measures, reporting obligations for significant security incidents including an early warning, and explicit accountability of management.

What fines apply under NIS2?

For essential entities, fines of up to 10 million euros or 2 percent of worldwide annual turnover are foreseen, whichever is higher. Management can be held personally accountable.

How SecureCloud supports NIS2 requirements

SecureCloud supports affected organisations with a platform hosted in Germany that is GDPR-compliant, ISO 27001- and Trusted-Cloud-certified, BSI C5-attested and CIS-compliant. Encryption, granular access control and a complete audit log help implement the technical and organisational measures.

Industry-specific implementation: public sector and financial sector.

Frequently asked questions

When does the NIS2 Directive apply?

The NIS2 Directive has been in force across the EU since 2023. Member states had to transpose it into national law by October 2024; in Germany this happens through the NIS2 Implementation Act.

Who is affected by NIS2?

Essential and important entities in the regulated sectors are affected, often above certain size thresholds. These include energy, transport, health, digital infrastructure and public administration.

What is the difference between NIS2 and KRITIS?

NIS2 is an EU-wide framework with a broad range of sectors. KRITIS is the German framework for critical infrastructure. NIS2 expands the affected group and tightens requirements for many KRITIS operators.

Erfahren Sie mehr!

Unsere Experten beantworten Ihnen gerne alle Fragen.

Elevating business.