Cybercrime in the EU



NIS2 PDF
Everything you need to know about the NIS2 directive
The European cyber legislation NIS2 directive enables organizations to increase their digital resilience. Are you looking for a clear and downloadable NIS2 PDF document? DEKRA offers this in the form of downloadable white papers. These provide an overview of the directive, obligations, supply chain, and standards such as ISO 27001 and IEC 62443. Below you can read about the basic features of NIS2.
What is NIS2?
The NIS2 Directive is the successor to the original NIS legislation from 2016. Its aim is to increase the security of network and information systems in the EU — both for organizations that provide essential services and for important entities.
Who does it apply to? Medium-sized and large organizations (50+ employees or a turnover of more than €10 million) in multiple sectors, such as energy, transport, healthcare, digital infrastructure, and drinking water.
Discover how your organization plays a crucial role in strengthening the EU's digital resilience. In this whitepaper we discuss the impact of cybercrime.
Cybersecurity legislation overview
Are you prepared for the latest European cybersecurity legislation? This whitepaper provides a clear overview of NIS2, RED-DA, and CRA compliance.
Key elements of the directive
Scope & entities
A distinction is made between essential entities (high supervision) and important entities (less direct supervision, but still subject to obligations) within the scope of NIS2.
In addition, there is increasing focus on the supply chain: you are not only responsible for your own security, but also that of your partners and suppliers.
Obligations
Organizations must, among other things:
- Perform a risk analysis.
- Take technical, operational, and organizational measures.
- Report incidents: an initial report within 24 hours, a detailed report within 72 hours, and a final report at a later stage.
Fines: failure to comply may result in significant fines (e.g., €10 million or 2% of global turnover for essential entities).
Connection to other standards
ISO 27001 and NIS2
The ISO 27001 standard provides a foundation for information security and helps organizations comply with parts of NIS2. In some cases, only parts of ISO 27001 are required in combination with additional documentation to comply with NIS2.
IEC 62443 and NIS2
What can DEKRA do for you?
Get in touch with us easily
Compliance with the NIS2 directive is a complex and ongoing process that requires your organization to evaluate and improve its security measures. By working with DEKRA, you can increase your digital resilience and be better prepared for the challenges posed by applicable laws and regulations.
Would you like to learn more about how DEKRA can support your organization in the field of cybersecurity? Simply contact us using the form below.
