NIS2 Resources

Understand NIS2.

Plain-English guides to the EU's cybersecurity directive: scope, requirements, deadlines and how to get compliant without boiling the ocean.

Fundamentals·7 min read

What is NIS2? A plain-English guide for 2026

NIS2 is the EU's biggest cybersecurity law to date: wider scope, harder requirements, real penalties. Here's what it actually means for your organisation.

Read the guide
Requirements·8 min

NIS2 Article 21: the 10 cybersecurity measures explained

Article 21 is the operational heart of NIS2: ten minimum measures every entity must implement and, crucially, be able to prove.

Requirements·6 min

NIS2 Article 23: the 24-hour and 72-hour reporting deadlines

When a significant incident hits, the NIS2 clock starts immediately. Here's the 24h / 72h / 1-month timeline and how to hit it.

Scope·6 min

Does NIS2 apply to my company? Essential vs important entities

Not sure if you're in scope? Use the sector list and the size-threshold rule to find out, and learn what 'essential' vs 'important' actually changes.

Comparisons·7 min

NIS2 vs DORA: what financial entities need to know

If you're a financial entity, you're likely caught by both NIS2 and DORA. Here's how they fit together, and why you shouldn't run two evidence trails.

Guides·7 min

A NIS2 compliance checklist for 2026

A practical checklist to move from 'we think we're in scope' to 'we can prove it', without boiling the ocean.

Compliance·6 min

NIS2 deadlines and penalties: fines, liability and key dates

NIS2 has teeth. Here are the dates that matter, the fines on the table, and the personal exposure for leadership.

Governance·6 min

NIS2 for the board: management accountability under Article 20

NIS2 makes cybersecurity a boardroom responsibility. Here's what Article 20 actually asks of directors, and what 'evidence' means at that level.

Requirements·6 min

NIS2 supply-chain security: what Article 21 expects

Your security is only as strong as your suppliers'. NIS2 makes that explicit. Here's what supply-chain security actually requires.

Scope·5 min

NIS2 by country: how to check your national transposition

NIS2 is a directive, not a regulation, which means your real obligations live in national law. Here's how to find them.