NIS2 Directive.
NIS2 is the EU's updated cybersecurity directive, replacing the original NIS Directive. It significantly expands the scope of covered entities, introduces stricter incident reporting timelines (24-hour early warning), and holds management personally liable for cybersecurity governance failures.
Maximum penalty
€10M or 2% global turnover (whichever is higher)
Source: Article 34
Key requirements
24-hour early warning for significant incidents
72-hour full incident notification with impact assessment
Cybersecurity risk management measures (Art 21)
Supply chain security assessment and monitoring
+4 more requirements in the complete guide.
Get the full NIS2 compliance guide →Enforcement examples
National transposition deadline October 2024
Member states enforcing through national law; first enforcement actions expected 2025
-
2024
How Tessera automates NIS2 compliance
24-hour early warning automation with incident classification
72-hour notification workflow with supervisory authority routing
Continuous vulnerability scanning and supply chain monitoring
Management accountability dashboard and training tracking
Business continuity evidence collection and testing
NIS2 compliance checklist
Essential steps to achieve and maintain NIS2 compliance.
Determine if your organization is essential or important entity
Implement 24h early warning + 72h full notification process
Conduct cybersecurity risk assessment (Art 21 measures)
+4 more steps in the full checklist.
Get your complete NIS2 compliance checklist - free →Industries affected
Calculate your NIS2 exposure.
See exactly how NIS2 penalties apply to your revenue and industry profile.