EUR · Framework
NIS 2 — NIS2 Directive
NIS2 raises the common level of cybersecurity across the Union by extending obligations to essential and important entities in eighteen critical sectors.
What it is
NIS2 raises the common level of cybersecurity across the Union by extending obligations to essential and important entities in eighteen critical sectors.
European Union · National transposition deadline 17 October 2024
Who it binds
Medium and large organisations in sectors such as energy, transport, banking, health, water, digital infrastructure and public administration, through national transposing law.
Key obligations
- Risk-management measures proportionate to the threat
- Accountability of management bodies for cybersecurity
- Incident notification, with a 24-hour early warning
- Supply-chain and vendor security
- Registration with the national competent authority
How CCI addresses it
CySSURANCE maps and measures essential-entity obligations against your estate, and the audit practice extends to NIS2 readiness assessments.
Official source
Directive (EU) 2022/2555
https://eur-lex.europa.eu/eli/dir/2022/2555/oj
The linked text is the authoritative legal or standards source. CCI maps to it; it is not a CCI publication.