The European NIS 2 Directive, effective from October 17, 2024, aims to strengthen the security of networks and information systems within the European Union.

This new version expands the scope of the 2016 NIS Directive, which was previously limited to operators of essential services (OSE) and digital service providers (DSP). Now, more than 10,000 organizations across 18 sectors will be affected, ranging from digital infrastructures to healthcare services, as well as energy and transport.

These entities will be required to meet three main obligations:

  • Share certain information with the relevant authorities,
  • Proactively manage cyber risks,
  • Report security incidents that have a significant impact.

These obligations aim to standardize and strengthen resilience against growing cyber threats.

Penalties for non-compliance can reach up to 2% of revenue for entities deemed essential and 1.4% for important entities. However, a three-year grace period is granted to allow businesses to gradually adapt to these new requirements, with full compliance expected by 2027.

To support organizations during this transition, ANSSI offers various tools, including the MonEspaceNIS2 website, which allows businesses to check their compliance and stay informed of updates related to the directive.
