The NIS 2 directive is a legislative act that sets out measures to achieve a high common level of cybersecurity across the EU.

VNET Wholesale

The NIS 2 directive

In the digital world, cyber threats are becoming increasingly sophisticated, posing significant risks to businesses and individuals alike. The new Directive (EU) 2022/2555, also known as the NIS 2 Directive, aims to achieve a high level of cybersecurity and targets key sectors critical to the functioning of society. Are you interested in what NIS 2 means for you and your business? We bring you a comprehensive guide to this important legislation. We will discuss its key points, the affected sectors, and explain what steps need to be taken to achieve compliance with the new rules by the deadline of October 17, 2024. As with all areas of IT management, VNET offers its expertise to help you meet all legal requirements for NIS 2 compliance and cybersecurity in your company.

What is the NIS 2?

The NIS 2 Directive is a legislative act that establishes measures to achieve a high common level of cybersecurity across the EU. Its aim is to improve the existing cybersecurity framework by introducing stricter obligations for companies and organizations in critical sectors.

What are the key points of the NIS 2 Directive?

  • Expanded scope

    The directive affects a wider range of sectors and entities, thereby strengthening overall cyber resilience. Cybersecurity obligations will now also apply to companies that were not previously regulated.
  • Enhanced protection against cyber risks

    Stricter measures for managing cyber risks are being introduced. Businesses will need to implement and maintain adequate technical and organizational solutions to protect against cyber threats.
  • Implementation of security measures

    Operators of critical infrastructure must implement strict security measures to protect their systems and data. This includes risk management, incident response plans, testing, and audits.
  • Mandatory reporting of cyber incidents

    All entities covered by the NIS 2 Directive will be required to report cyber incidents to the relevant authorities. This is crucial for the timely identification of threats, coordination of response, and prevention of the spread of cyber attacks.
  • Establishment of national teams

    Each member state must establish a national team for responding to cybersecurity incidents (CSIRT). These teams will coordinate the response to cyber attacks and share information with other member states.
  • Strengthened cooperation at the European level

    The directive emphasizes strengthening cooperation among EU member states in the field of cybersecurity. This includes information exchange, mutual assistance in addressing cyber incidents, and joint development of tools and solutions to combat cyber threats.
  • Reducing Long-Term Risks

    Investments in cybersecurity in line with the NIS 2 Directive are not just a short-term obligation but a foundation for reducing future risks and building resilience against cyber threats.

Who Does the NIS 2 Directive Apply To?

The directive applies to a wide range of entities and distinguishes them between two types of critical infrastructure:

  • Entities of Essential Importance

    These entities, such as energy companies, hospitals, and banks, provide services that would have a serious impact on the functioning of the state, economy, or society in case of disruption. Therefore, they are subject to stricter cybersecurity requirements.




    Financial markets


    Water management

    Digital infrastructure and services

    Public administration

    Space industry

  • Entities of Important Significance

    This category includes organizations such as postal services, waste management, and manufacturing companies. While a disruption of their services would have a smaller impact, it still poses a risk to cybersecurity. Therefore, these entities also need to adhere to certain security measures.


    Postal and courier services

    Waste management

    Chemical industry

    Manufacturing industry

Did you find yourself in one of the affected areas?

or contact us by email at

What are the obligations for entities
of essential and important significance?

The cybersecurity requirements differ for these two types of entities.

Entities of Essential Significance are subject to stricter rules due to the potentially serious impact of disruptions to their services.

Obligations for entities of essential significance

  • Compliance with all requirements of the NIS 2 Directive.
  • Reporting all security incidents, regardless of severity.
  • Monitoring warnings from the National Cyber Security Centre (NCIB) and proactively responding to threats.
  • Subject to oversight by the NCIB.
  • Data and information must be processed on servers within the designated region.
  • Assessing the cybersecurity measures of critical suppliers is mandatory.

Obligations for entities of important significance

  • Compliance with selected requirements of the NIS 2 Directive.
  • Reporting only significant security incidents.
  • Monitoring warnings from NCIS is not mandatory.
  • Subject to oversight by a certified NUCIB inspector.
  • Data and information do not need to be processed on servers within the designated region.
  • Assessing the cybersecurity measures of suppliers is not a requirement.

Benefits of the NIS 2 Directive

The NIS 2 Directive offers extensive benefits for companies of various sizes and sectors in terms of cybersecurity protection in the EU:

  • Protection of Sensitive Information and Systems

    NIS 2 establishes strict cybersecurity requirements, helping companies protect their sensitive data and systems from cyberattacks.
  • Resilience to Threats

    By implementing the NIS 2 Directive, companies will strengthen their resilience to cyber threats and be better prepared to manage and respond to cyberattacks.
  • Compliance with Legislation

    NIS 2 defines clear cybersecurity requirements that companies must meet. By adhering to these requirements, companies will avoid fines and penalties for non-compliance with legal obligations.
  • Enhanced Reputation

    Compliance with the NIS 2 Directive demonstrates a company’s commitment to data protection and cybersecurity, thereby enhancing its reputation with customers, partners, and investors.
  • Prevention of Financial Losses

    Cyberattacks can cause significant financial losses for companies due to operational disruptions, data theft, and ransom demands. Implementing NIS 2 will help companies prevent cyberattacks and minimize their financial impacts.
  • Government Support

    The NIS 2 Directive also provides companies with state support in the form of access to national resources and expert knowledge in cybersecurity. In the event of a cyber incident, companies will not be alone and can seek help from governmental authorities.
  • Increased Trustworthiness

    By adhering to the strict security measures of the NIS 2 Directive, companies will gain the trust of customers and partners, making them more willing to share sensitive information.
  • Level Playing Field

    The NIS 2 Directive creates a unified cybersecurity framework for the entire EU. This levels the playing field for businesses and eliminates competitive advantages for companies that have previously avoided investing in cybersecurity.

Challenges of the NIS 2 Directive

While the NIS 2 Directive offers many benefits, its implementation is

also full of challenges, and that’s why it’s good to have a reliable partner like VNET by your side:

Obligations for Entities of Essential Significance

  • Complexity of Implementation

    The requirements of the NIS 2 Directive can be challenging for companies, especially smaller ones with limited resources, to understand and implement.
  • Implementation Costs

    Adhering to new security measures requires investments in technologies, personnel, and professional training.
  • Shortage of Experts

    The cybersecurity market suffers from a shortage of qualified professionals. This can pose a problem for companies in implementing and maintaining the required security measures.
  • Need for International Cooperation

    The success of the NIS 2 Directive also depends on effective cooperation between EU states in information sharing and coordinated responses to cyber threats.