InfoSec

NIS2 Directive: What companies need to know

The NIS2 Directive brings a breath of fresh air to the corporate world in the EU. Especially for companies dealing with critical infrastructure or digital services, the new requirements are a real game changer. But what does that mean in practice? Who is affected, what needs to happen — and how can you turn challenges into opportunities?

Updated on
30.9.2025

Who is affected?

The NIS2 Directive applies to significantly more industries than its predecessor: energy suppliers, telecommunications, transportation, healthcare, food supply, cloud and hosting providers, financial service providers, but also many smaller companies that are part of important supply chains. The new rules apply to everyone who contributes to Europe's digital infrastructure — regardless of company size.

What are the most important requirements?

  • Risk management: Companies must not only identify risks, but also actively manage them. This includes regular risk analyses, the use of modern security technologies and targeted training for employees. This is the only way to identify weak points at an early stage.
  • Reporting: Security incidents must be reported within 24 hours. This requires clear processes and fast, reliable internal communication. Anyone who hesitates here risks fines and damage to their image.
  • Security measures: Robust protocols are mandatory. This includes firewalls, access controls, emergency plans, and regular updates. Cooperation with external IT experts is also becoming more important.

Challenges for companies

  • Adapting to new standards: Existing security concepts must be put to the test. This costs time and resources, but is absolutely necessary to meet the increased requirements.
  • Investments: More cyber security means more effort — but also more trust. Anyone who now invests in technologies and know-how is better positioned in the long term and can secure competitive advantages.
  • Shortage of skilled workers: The demand for IT and security experts is increasing. Companies should specifically promote talent and offer continuing education in order to retain know-how in-house.
  • Legal responsibility: Management is held to a stronger obligation. Violations may result not only in fines, but also in personal liability.

Opportunities for companies

The NIS2 Directive is not only a compulsory exercise, but also an opportunity to make your own IT strategy fit for the future. Those who act proactively can strengthen the trust of customers and partners, open up new business opportunities and position themselves as a secure provider. The Directive also promotes exchange between companies and public authorities — a plus for the entire sector.

What should companies do now?

  • Analyzing your own processes and infrastructure
  • Building an effective incident response team
  • Investing in modern security technologies
  • Training and raising awareness among employees
  • Establishing clear communication channels in case of an emergency

Conclusion

The NIS2 Directive is a wake-up call for companies in Europe. It requires more commitment to cybersecurity, but also rewards that commitment with more trust and new opportunities. Those who act now are not only protecting themselves, but also strengthening the entire digital economy.

Dr Kilian Schmidt

CEO & Co-Founder, Kertos GmbH

Dr. Kilian Schmidt developed a strong interest in legal processes early on. After studying law, he began his career as Senior Legal Counsel and Data Protection Officer at the Home24 Group. After working at Freshfields Bruckhaus Deringer, he moved to TIER Mobility, where, as General Counsel, he was significantly involved in expanding the legal and public policy department - and grew the company from one to 65 cities and from 50 to 800 employees. Motivated by limited technological advances in the legal sector and inspired by his consulting work at Gorillas Technologies, he co-founded Kertos to develop the next generation of European data protection technology.

About Kertos

Kertos is the modern backbone of the data protection and compliance activities of scaling companies. We enable our customers to implement integrated data protection and information security processes in accordance with GDPR, ISO 27001, TISAX®, SOC2 and many other standards quickly and cheaply through automation.
