Bottom line: The NIS2 Directive covers approximately 30,000 additional companies that must align their cybersecurity governance and technical controls with EU-wide standards.
The EU’s NIS2 Directive is forcing around 30,000 companies in Europe to fundamentally revise their cybersecurity measures and implement new regulatory requirements.
The European Union’s NIS2 Directive (Network and Information Security) significantly expands the scope of previous NIS regulations. While the original NIS Directive of 2016 primarily obligated operators of critical infrastructure and certain digital service providers, NIS2 now covers approximately 30,000 additional companies in EU member states that are considered operators of essential or important services or exercise critical functions in their sector.
For security officers, this means concrete obligations: companies must review their information security management systems, systematically assess risks, implement technical and organizational safeguards, and document and report incidents. The directive establishes significantly higher standards than before – such as multi-factor authentication, encryption, network segmentation, and supply chain security.
Implementation of the NIS2 Directive into national law is proceeding in stages, with different deadlines depending on the member state. CISOs and their teams must therefore engage promptly with the directive and their national implementing laws to identify compliance gaps and plan necessary investments in systems and processes.
Source: news.google.com · Published 15 June 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification via Lumi News Pipeline v1.7.1.