The NIS2 Directive: How far does it reach?

The EU’s NIS2 Directive is a major cybersecurity legislation effort aiming to update and solidify cybersecurity rules across member states. Set to be transposed into national law by October 17, 2024, the directive outlines extensive requirements for entities regarding cyber governance and risk management measures. It also specifies incident reporting deadlines and identifies types of entities considered either “essential” or “important” under the directive. The directive applies broadly, with varying extra-territorial reach, based on entity type.