European Union — transposed into member-state law.

NIS2

NIS2 Directive (EU Network and Information Security)

Applies to

Essential and important entities across 18 sectors (energy, transport, banking, health, digital infrastructure, public administration, and more). Significantly expanded scope vs NIS1.

Creates urgency when

Member-state transposition deadline, incident-reporting obligation triggers, or supply-chain flow-down from a NIS2-regulated customer.

Evidence burden

Risk management measures, incident reporting (24-hour early warning), supply-chain security, and executive accountability. Significant fines for non-compliance.

Buying-committee effect

Pulls executive leadership in directly — board accountability is part of the directive. Brings legal, risk, and country-specific compliance teams into the deal.

GTM angle

Sold as board-level accountability infrastructure for EU-operating organisations. The compliance threshold is broader than most realise; many mid-market companies discover they are in scope only when a customer flows down the requirement.