Network and Information Security Directive 2
The EU directive establishing cybersecurity obligations for essential and important entities across critical infrastructure sectors, including energy, transport, health, and digital infrastructure.
NIS2 significantly expands the scope of the original NIS Directive, covering more sectors and introducing stricter security requirements, incident reporting obligations, and management accountability. Member states must transpose it into national law.
Policies on risk analysis, incident handling, business continuity, supply chain security, and network security.
Early warning within 24 hours, incident notification within 72 hours, and final report within one month of significant incidents.
Assessment of cybersecurity risks in supply chains and supplier relationships, with contractual requirements for security measures.
Senior management must approve and oversee cybersecurity measures, with personal liability provisions for non-compliance.
Determine whether your organization falls under NIS2 as essential or important entity and identify applicable obligations.
Pre-built incident reporting templates aligned with NIS2 timelines, ensuring you meet the 24/72-hour notification requirements.
Analyze and document your supply chain cybersecurity posture with automated vendor risk scoring.
Other Frameworks
Upload your policies, connect your systems, and let iQ Pulse map your controls to NIS2 requirements automatically. Audit-ready in weeks, not months.