What is the NIS2 Directive?

NIS2 is a European regulation that requires thousands of companies, small and large, to strengthen their cybersecurity.

Its objective is simple: to prevent a cyberattack on one company from disrupting an entire business chain, an essential service or public safety.

From 2024–2025 onwards, NIS2 imposes a series of concrete obligations:

• Better protection of IT systems
• Strict access management
• Reliable backups
• Continuous monitoring
• Team training
• Ability to respond in the event of an incident

This framework is no longer reserved for very large organisations: many SMEs are now concerned, sometimes even indirectly when they work for an essential or important entity. Many are still unaware of it.

How do you know if your company is affected by NIS2?​

Several criteria determine whether you fall within the scope of NIS2.

The size of your company : 
NIS2 applies to organisations of at least medium size. 

Your business sector : 
In its annexes, NIS2 divides the economy into 18 so-called “critical” sectors: energy, transport, health, water, digital infrastructure, banking, public administration, production of chemical, medical or electronic products, food sector, waste management, digital services, etc.

Companies working with a partner from one of these sectors are also concerned.

On this basis, NIS2 classifies the organisations covered into two categories: 
Essential entities (the largest and most critical)
Important entities. It is therefore clear that far more companies than one might think are affected by these directives.