NIS2

The NIS2 directive (Network and Information Security 2) is the European text that strengthens the cybersecurity level of essential and important entities across 18 sectors (energy, transport, banking, health, digital infrastructure, cloud providers, MSPs…). It replaces the 2016 NIS directive and has been in force since October 2024.

The entities concerned must put in place cyber governance at board level, minimum technical measures (MFA, vulnerability management, software supply-chain security), incident notification within 24/72 hours to the ANSSI (in France) and register with the relevant authority.

Sanctions can reach 10 million euros or 2% of global turnover.