Skip to content

NIS2 Directive: Implementation Deadline for Millions of Enterprises until July

At a glance: The NIS2 Directive requires millions of enterprises to implement new cybersecurity standards from July onwards, significantly expanding the scope of affected organizations.

The EU Directive NIS2 (Network and Information Security) will take effect by July and requires millions of enterprises to implement new cybersecurity standards. For CISOs, this means concrete requirements for governance, incident response and risk management.

The NIS2 Directive redefines information security in the European Union and significantly expands the scope of affected organizations. While the first NIS Directive primarily focused on critical infrastructures, NIS2 now also covers enterprises from broadly defined sectors such as energy, transport, health, digital infrastructure and other areas with critical dependencies.

The Directive requires affected organizations to maintain a high level of security in governance, risk management and incident response. Specifically, enterprises must protect their IT systems, report security incidents within defined timeframes and involve management in security matters. The appointment of cybersecurity officials or the documentation of security measures are also among the requirements.

For CISOs and security officers, the implementation deadline of July represents a tight timeframe in which to plan, implement and document compliance measures. This affects organizations in all affected sectors and requires coordination with management, IT teams and legal departments.


Source: news.google.com · Published 6 July 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.

Share on: