NIS-2, the second EU Directive on network and information security, was published by the European Union in December 2022. Member states are required to transpose the directive into national law by October 2024. The main differences between this and the previous version are the extension of affected companies to several sectors, the increased requirements for information security and the closer cooperation with the authorities, in particular reporting obligations on an EU level.

Time is of the essence for affected companies to implement NIS-2 and achieve compliance. In the process, supply chains with third-party suppliers and service providers must also be taken into account.

NIS-2 and other regulations such as BAIT and DORA are current regulations that deal wi ...