NIS2 impacts all entities providing essential or significant services to the European economy and society, including both companies and suppliers. We strongly advise you to thoroughly evaluate the following categories to determine if NIS2 applies to your organization.
If your organization falls into any of the categories listed below, NIS2 applies to you. In this case, we recommend that you familiarize yourself with the sector-specific cybersecurity challenges through the links provided, as well as the general NIS2 requirements.
Size threshold: varies by sector, but generally 250 employees, annual turnover of โฌ 50 million or balance sheet of โฌ 43 million
Powering millions of homes, businesses, and transportation systems, the European energy sector is regarded as highly critical infrastructure.
Given its critical importance, the energy sector is especially vulnerable to the NIS2 Directive. This directive, aimed at protecting essential public services, targets the energy sector due to its susceptibility to cyberattacks. Consequently, it mandates specific measures for energy companies to secure their networks and information systems.
Employing nearly 10 million people, Europeโs transport sector provides the infrastructure and services that connect people and businesses. From urban public transportation systems to rural roads and inter-regional air travel, this sector is a cornerstone of modern society and the economy.
Under the forthcoming NIS2 Directive, the transport sector is deemed essential due to the potential for significant societal disruption if it faces major interruptions.
Comprising institutions like banks, investment firms, and insurance companies that manage and facilitate the flow of capital, the finance sector is vital to the European economy.
In recent years, this sector has faced growing regulatory scrutiny aimed at enhancing its stability and resilience. The upcoming implementation of the NIS2 Directive is one such measure poised to significantly impact the sector.
A crucial pillar of European society, the public administration sector delivers essential services including social services, public safety, economic regulation, and political representation.
Handling vast amounts of sensitive information, these organizations are highly vulnerable to cyberattacks. Recognizing this criticality, the NIS2 Directive designates the public administration sector as an โessential entity,โ underscoring the need to protect it against cyber threats.
Encompassing public and private healthcare providers, medical equipment and pharmaceutical manufacturers, medical insurance companies, and other vital health-related services, the healthcare sector is a cornerstone of European society and the economy.
Due to the potential for life-threatening consequences in the event of a cyberattack, the sector is classified as essential under the NIS2 Directive. This designation subjects it to the directiveโs strictest requirements and obligations.
Integral to the modern economy, the space sector is vital for telecommunications, navigation, and national security.
However, its significance also makes it a prime target for cyber threats and attacks. Cybercriminals may aim to access sensitive data or disrupt critical systems, leading to severe consequences. Consequently, the NIS2 Directive designates the space sector as an essential entity, subjecting it to its most stringent cybersecurity requirements.
Responsible for delivering clean and safe water to communities and managing wastewater treatment, the water supply sector is vital. Given that any disruption to this service could have severe real-life consequences, the NIS2 Directive designates it as an โessentialโ sector.
Digital infrastructure forms the backbone of the modern economy.
As our reliance on digital technologies increases, data centers have become crucial to societal functions, making them high-value targets for malicious actors intent on causing disruption. Recognizing this, the NIS2 Directive classifies operators in the digital infrastructure sector as essential entities.
Size threshold: varies by sector, but generally 50 employees, annual turnover of โฌ 10 million or balance sheet of โฌ 10 million
The postal sector comprises a variety of organizations, from national postal services to specialized courier companies, responsible for delivering mail and parcels.
With the growing dependence on digital systems and networks for managing and delivering services, this sector has become more vulnerable to cyber threats. Consequently, the NIS2 Directive recognizes the postal sector as an important entity, requiring organizations within this sector to enhance their cybersecurity measures to ensure robustness and resilience.
Essential for public health, environmental protection, and sustainability, the waste management sector is a vital component of the European economy. Covering activities such as waste collection, transportation, treatment, and disposal, the sector is vulnerable to cyberattacks that could significantly disrupt its critical operations.
Under the NIS2 Directive, the waste management industry is now subject to heightened cybersecurity requirements to safeguard against such threats.
Europeโs chemical industry stands as one of the largest manufacturing sectors, driving innovation with materials and technological solutions crucial to Europeโs industrial competitiveness. It encompasses the production of diverse chemicals, from petrochemicals and polymers to basic inorganics, specialties, and consumer chemicals.
Given its essential role in supporting industries like construction, agriculture, transportation, and energy, the chemical sector is recognized as critical infrastructure. Disruptions to chemical supply chains could lead to significant societal consequences, making the sector a prime target for cyberattacks. As a result, it is classified as an โimportant entityโ under the NIS2 Directive.
Playing a crucial role in driving innovation and advancement, the research sector is a prime target for cybercriminals aiming to pilfer sensitive research data or undermine critical systems.
Acknowledging its significance, the new NIS2 Directive designates the research sector as critical infrastructure, imposing tailored cybersecurity mandates to ensure its protection.
Within the European Union, the food sector stands as one of the largest and most critical industries, encompassing farming, food processing, packaging, transportation, and retail sales. As digitalization and connectivity expand across the sector, it faces heightened vulnerability to cyber threats.
Acknowledging these risks, the NIS2 directive classifies the food sector as an "important entity," emphasizing the need for enhanced cybersecurity measures to safeguard its operations.
Integral to the European economy, the manufacturing sector spans from small-scale production to large-scale industrial processes.
With the rise of digitization and interconnectedness, the sector is increasingly vulnerable to cybersecurity threats that could potentially impact public health and safety. Recognizing these challenges, the NIS2 directive designates manufacturing as an โimportant entityโ and introduces new cybersecurity requirements that organizations within this sector must adhere to.
The digital providers sector is a diverse and rapidly evolving industry that includes companies offering a wide array of digital products and services, such as search engines, online marketplaces, and social networks. These services have fundamentally changed how individuals and businesses interact, conduct transactions, and access information online, playing a pivotal role in the modern digital economy.
Under the NIS2 Directive, services within this sector are classified as critical entities.
Meet with Matt and book a free 15-min call below to better understand how to implement NIS 2 compliance in your company
Curated by NIS2Compliant.org, this page provides publicly-sourced information on everything related to the upcoming NIS2 Directive. Presented in a clear and concise manner for easy consumption.
ย
Disclaimer
The information provided on this website is intended for educational and informational purposes only. The content is not intended to be a substitute for professional advice or any other legal advisory, service, etc. The site’s administrators and contributors make no representations or warranties of the information on the site. Any reliance you place on such information is therefore strictly at your own risk.
Copyright By Nis2Compliant.org
