Understanding the NIS2 Directive

What is the NIS2 Directive About?

The NIS2 (Network and Information Systems) Directive, effective since January 16, 2023, marks a significant shift in the European Union's approach to cybersecurity. Expanding the scope to include more sectors and companies, it aims to bolster the resilience of critical infrastructures against cyber threats. With its implementation deadline set for October 17, 2024, businesses need to be proactive in understanding and complying with its requirements.


Key Changes and their Impact: What's New in NIS2?

Expanded Scope

Encompassing 18 sectors, including 7 new Important Entities, NIS2 widens its net to ensure more companies are prepared for cyber threats.

Group 2439

Mandatory Cyber Risk Management

Companies must now rigorously assess and manage cyber risks, including those in the supply chain.

Group 2439

Stringent Reporting

NIS2 enforces strict reporting obligations, ensuring timely and transparent communication with relevant authorities.

Industries affected by the NIS2 Directive


Essential Entities

Important Entities

Energy (Electricity, Oil, Water, Hydrogen) Post and Courier Services
Healthcare (Hospitals, Laboratories, R&D, Pharmaceuticals, Medical Device Manufacturers) Waste Management
Transport (Air, Rail, Water, Road) Chemical Products
Banking & Finance Food
Drinking Water Manufacturing/Manufacturing Industry
Sewage Digital Services (Online Marketplaces, Search Engines, Social Networks)
Digital Infrastructures (IXPs, Cloud Providers, Data Centers, CDNs, TSPs, Electronic Communications) Research
ICT Service Management in B2B  
Space Travel  
Public Administration (Central Government, Regional Government)  



Responsibilities Under NIS2

  • For CEOs and Managing Directors: Under NIS2, you are directly accountable for your company's cyber risk management. This includes approving, monitoring, and ensuring the effective implementation of cybersecurity measures. ForeNova's suite of services can guide you in developing and maintaining a robust cyber defense strategy.

  • For CISOs and IT Security Managers: The directive tasks you with the tactical implementation of cybersecurity practices. From incident response to access control, ForeNova's NovaMDR and NovaCommand solutions align with your operational needs, ensuring comprehensive security management.


NIS2 Non-compliance Penalties


The requirements of the NIS2 are legally binding on the entities that fall under its purview. Member States have the discretion to penalize non-compliant entities with dissuasive penalties as well as administrative fines. In general, essential entities that fail to comply with its directives may be fined up to €10 million or 2% of their total turnover worldwide – whichever is higher. Important entities that fail to comply with the NIS2 may be fined up to €7 million or 1.7% of global turnover. In addition, non-compliant companies may be forced to suspend their business activities until they meet the NIS2 requirements and achieve 100% compliance. 

Learn more about the NIS2 Directive


Mask group (1)

Leveraging MDR for NIS2 Compliance 

Key Assets and Services Protected with MDR


24/7 Monitoring: MDR provides constant vigilance, ensuring cyber threats are detected and addressed promptly. This is crucial for essential entities that cannot afford downtime. 

icon-15 1

Skilled Incident Response: MDR offers expert assistance to help you respond to and remediate cyber threats, reducing the risk of damage to your systems and ensuring compliance with NIS2. 

icon-04 1

Broad Coverage: MDR protects all digital assets, from servers to IoT devices, helping you comply with NIS2's extensive protection requirements. 

icon-17 1

Compliance Reporting: MDR generates comprehensive reports on cybersecurity measures, demonstrating your adherence to NIS2 requirements. 

Webinar: Prepare for compliance with the NIS2 Directive

NIS2 Directive Frequently Asked Questions

1. How will the new NIS2 rules be supervised and enforced?

2. How does NIS2 interact with other EU policies?

3. How does NIS2 propose to improve cyber crisis management?

4. How will NIS2 strengthen and streamline cybersecurity requirements for covered entities?

Tap into expert insights & best practices

ForeNova’s experts share valuable insights, best practices, customer challenges and industry trends. Learn from security practitioners and thought leaders on how to best protect your business from new and persistent cyber threats.

How Do DACH Countries Benefit from Cybersecurity Protection Services?

Read more…

ROI: Managed Detection and Response (MDR) vs. In-House SOC

Read more…

Proactive Resilience: Creating an IT Disaster Recovery Plan

Read more…

Detect and protect.

ForeNova represents a new way for companies to put an end to relentless, and often undetected, cyber threats coming from every direction.​ With ForeNova’s unified command center, businesses can detect threats that are already inside their network, and previously unknown.