Back to Blog
NIS 2

NIS 2 Directive: What Your Organization Needs to Know

Dariusz Zalewski
Dariusz Zalewski
Founder & CEO
December 15, 202513 min read
NIS 2 Directive: What Your Organization Needs to Know

Key Takeaways

  • 1 NIS 2 expands scope to cover 18 sectors and many more organizations
  • 2 Fines up to €10M or 2% of global turnover for essential entities
  • 3 Management liability is new-executives can be held personally responsible
  • 4 Member states must transpose by October 17, 2024

Who's Affected by NIS 2?

Essential Entities

  • • Energy (electricity, oil, gas, hydrogen)
  • • Transport (air, rail, water, road)
  • • Banking & Financial Infrastructure
  • • Health sector
  • • Drinking & Waste water
  • • Digital Infrastructure
  • • ICT Service Management (B2B)
  • • Public administration
  • • Space

Important Entities

  • • Postal & Courier services
  • • Waste management
  • • Chemical manufacturing
  • • Food production & distribution
  • • Manufacturing (medical devices, electronics, etc.)
  • • Digital providers (marketplaces, search, social)
  • • Research organizations

Size Thresholds

Size Employees Turnover In Scope?
Large 250+ €50M+ Yes
Medium 50-249 €10M-50M Yes
Small/Micro <50 <€10M Sometimes*

*Small entities may still be in scope if they're deemed critical by member states or operate in certain digital infrastructure sectors.

Key Requirements

Risk Management Measures

Risk analysis and security policies
Incident handling
Business continuity
Supply chain security
Network security
Vulnerability handling
Cybersecurity training
Cryptography & encryption

Incident Reporting Timeline

24h
Early warning
72h
Full notification
1 month
Final report

Management Accountability

⚠️ New Personal Liability

NIS 2 introduces personal liability for management bodies. Board members and executives can be held responsible for:

  • • Approving cybersecurity risk measures
  • • Overseeing implementation
  • • Undergoing cybersecurity training
  • • Ensuring staff training

Prepare for NIS 2 compliance

Meewco maps NIS 2 requirements to actionable controls and tracks your compliance status.

Dariusz Zalewski

About Dariusz Zalewski

Founder and CEO of Meewco. With over 15 years of experience in information security and compliance, Dariusz helps organizations build robust security programs and achieve their compliance goals.

Related Articles

NIS 2 Directive Compliance Guide 2026: Who's Affected and What You Must Do
NIS 2

NIS 2 Directive Compliance Guide 2026: Who's Affected and What You Must Do

Vendor Assessment Explained: ISO 27001 & NIS 2 Requirements
NIS 2

Vendor Assessment Explained: ISO 27001 & NIS 2 Requirements

Ready to simplify your compliance?

Meewco helps you manage NIS 2 and other frameworks in one unified platform.

Request a Demo