NIS2 the European Union’s newest cybersecurity legislation approaches

NIS2 raises cybersecurity requirements for the entire critical sector in Europe

Help with NIS2 is on the way!

ESET is a global leader in digital security with its roots in the European Union. For more than 3 decades, we have pioneered industry-leading IT security software and services for businesses and consumers around the world. ESET has since grown into the largest IT security company in the European Union with solutions ranging from endpoint security, XDR and mobile security, to encryption and two-factor authentication.


Eversheds Sutherland is a global law and civil-law notary firm with 74 offices in 35 countries and employs more than 3,000 lawyers. Due to our international character, we are able to provide cross-border advice like no other. In Europe, Eversheds Sutherland has 44 branch office.

Together with Eversheds Sutherland, ESET will help provide guidance in order to comply with the new NIS2 guideline relevant to your organization.

The NIS2 guideline

NIS2 creates a new scope to strengthen the level of cybersecurity across the EU. This updated version of the first Network and Information Systems Directive entered into force on 16 January 2023, requiring entities operating in critical sectors such as energy, transport, health, digital services and managed security services to implement improved risk management. NIS2 also introduces new reporting rules and fines.

NIS2: A Floor, not a Ceiling

The new NIS2 Directive comes as a response to the growing dependency of critical sectors on digitalization and their higher exposure to cyber threats.

Read more >

What does NIS2 mean to you?

Compared to its previous version, the new NIS Directive eliminates the distinction between operators of essential services and digital service providers.

Read more >

The duty of care under NIS2

Under the NIS Directive, a dual duty applies to providers of essential services and digital service providers: a duty to report and a duty of care. In this blog, we will explain the latter.

Read more >

NIS2: The duty to report

With the advent of the NIS2 Directive, in addition to the duty of care, the duty to report, which already existed under the original NIS Directive, will be fleshed out.

Read more >

Enforcement, supervision and penalties

The NIS2 foresees enforcement mechanisms to ensure effective compliance with the rules and sanctions in case of breach of the rules.

Read more >

Read our whitepaper for everything you need
to know about NIS2

Where to begin?

NIS2 establishes 17 October 2024 as the deadline for the entities covered by the directive to comply with the new rules.

If you can answer “yes” to these six questions, you are well on your way! In any case, check our blogs to understand how the NIS2 directive impacts your business.

•    Do you have an updated inventory of all your hardware and software?
•    Do you do a weekly checkup for new software updates?
•    Do you know which risks are linked to the hardware and software used in your organization?
•    Are you aware of legislative changes and new laws being discussed?
•    Have you mapped out how much risk your organization is taking digitally, and do you make well-considered decisions to determine your readiness to deal with these risks?
•    Do you regularly assess whether the measures, procedures and processes necessary to limit and control identified cyber risks are still sufficient to protect your organization?