In a nutshell: 29,000 companies have until July 31 to register under NIS2 and formally demonstrate their cybersecurity measures.
Approximately 29,000 companies must register under the NIS2 Directive by July 31. The deadline is binding and affects operators of critical infrastructures as well as large enterprises within the scope of the new EU cybersecurity directive.
The registration deadline for the NIS2 Directive (Network and Information Security 2) expires on July 31. Approximately 29,000 companies that qualify as critical infrastructure operators or large enterprises are required to register with the competent authorities and document their security measures.
For CISOs, the registration requirement means concrete action steps: In addition to administrative registration, evidence of established security mechanisms must be provided. The NIS2 Directive prescribes minimum standards for incident reporting, network segmentation and cryptography. Companies that have not yet met these requirements must implement or document appropriate controls in the short term.
Failure to register or inadequate compliance with requirements can result in regulatory sanctions. CISOs should simultaneously verify whether their organization falls within the scope of applicability and which specific requirements apply to their industry – this varies between energy, telecommunications, water and wastewater sectors, and other sectors.
Source: news.google.com · Published June 20, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.