Don't Let NIS2Catch You Off Guard

NIS2 Implementation Deadline: Rolling Out Now

NIS2 is rolling out now. Get compliant, reduce risk for leadership, and keep your key customers confident.

Check Your ScopeView Roadmap

Which CategoryDoes Your Organization Fall Under?

Before you invest in implementation work, you need clarity on whether NIS2 applies to your organisation, and, if so, under which category. NIS2 scope depends on factors like sector, size, and the nature of your services. The classification influences your obligations and the level of supervisory scrutiny.

Use this scope tool to quickly determine where you fit and what that means for your next steps.

Country of Operation
Sector and Entity Type
Has your organization been deemed critical under the CER Directive?
Has your organization been deemed critical due to its specific importance at a national or regional level?
Has your organization been deemed the sole provider of a service essential for the maintenance of critical societal or economic activities?
Has your organization been deemed to provide a service whose disruption could significantly impact public safety, public security, or public health?
Has your organization been deemed a source of significant systemic risk, in particular for sectors where disruption of your service could have a cross-border impact?
Was your organization identified as an Operator of Essential Services (OES) before 16 January 2023 under the NIS1 Directive or national law?
Number of Employees0
Annual Turnover0
Annual Balance Sheet Total0

NIS2 ScopePlease select an entity type

This tool provides a general indication only and is not a substitute for professional legal advice. The final determination of whether your organisation falls within the scope of the NIS2 Directive depends on the specific national transposition in your country, your exact activities, size, and other factors. Always consult a qualified expert or competent authority for an official assessment.

ISO 27001Roadmap

NIS2 implementation requires both regulatory readiness and operational security capability. The journey typically starts with confirming scope and obligations, then moves into structured delivery: an implementation roadmap, leadership oversight, and incident readiness, including the reporting workflows NIS2 mandates.

For the implementation workstream, ISO/IEC 27001:2022 provides the backbone. It translates NIS2 measures into a managed system of governance, controls, monitoring, and continual improvement, supported by clear documentation and defensible evidence.

What is theNIS2 Directive

The NIS2 Directive, NIS2 Directive, is the EU's updated cybersecurity baseline for critical and important sectors. Unlike the old rules, it covers the whole economy, forcing thousands of companies across multiple industries to meet strict new security standards.

It was adopted on 14 December 2022 and published in the Official Journal on 27 December 2022. Member States had to adopt and publish national measures by 17 October 2024 and apply them from 18 October 2024.

NIS2 also repeals the original NIS Directive, NIS1 Directive, with effect from 18 October 2024.

For a single, official EU-wide record of national transposition measures, the Publications Office maintains the EUR-Lex National transposition measures collection for NIS2, which is updated weekly based on Member State notifications.

History ofNIS2 EU Adoption

14 December 2022
NIS2 adopted at EU level
The EU formally agreed the text that modernised and expanded the NIS regime (more sectors, stronger governance, higher penalties).
27 December 2022
Published in the Official Journal (OJ L 333)
The final, legally authentic text of Directive (EU) 2022/2555 (NIS2) was published in the EU’s Official Journal.
16 January 2023
Entered into force (20 days after publication)
The directive became legally effective at EU level, triggering the implementation (transposition) period for Member States.
17 October 2024
EU transposition deadline
By this date, Member States were required to have adopted and published national measures implementing NIS2.
18 October 2024
Application deadline across the EU
From this date, national NIS2 measures were supposed to be applicable (including supervision and enforcement tools).
28 November 2024
Commission follow-up for late transposition
The Commission publicly noted that many Member States had not fully transposed by the deadline and urged completion (part of infringement follow-up practice).