NIS2
NIS2 Directive (EU Network and Information Security)
Essential and important entities across 18 sectors (energy, transport, banking, health, digital infrastructure, public administration, and more). Significantly expanded scope vs NIS1.
Member-state transposition deadline, incident-reporting obligation triggers, or supply-chain flow-down from a NIS2-regulated customer.
Risk management measures, incident reporting (24-hour early warning), supply-chain security, and executive accountability. Significant fines for non-compliance.
Pulls executive leadership in directly — board accountability is part of the directive. Brings legal, risk, and country-specific compliance teams into the deal.
Sold as board-level accountability infrastructure for EU-operating organisations. The compliance threshold is broader than most realise; many mid-market companies discover they are in scope only when a customer flows down the requirement.