Question 1

What is the NIS2 Directive?

Accepted Answer

NIS2 (Network and Information Security Directive 2) is a European directive establishing cybersecurity requirements for organizations in critical sectors. It replaces the NIS1 directive from 2016, bringing stricter requirements and an expanded scope. Each EU member state transposes NIS2 into national law.

Question 2

Who needs to comply with NIS2?

Accepted Answer

NIS2 applies to two categories: essential entities (energy, transport, banking, healthcare, etc. with over 250 employees or turnover over 50M EUR) and important entities (postal services, waste management, manufacturing, etc. with over 50 employees or turnover over 10M EUR). There are also exceptions for smaller entities providing critical services.

Question 3

What are the penalties for NIS2 non-compliance?

Accepted Answer

Fines can reach up to 10 million EUR or 2% of global annual turnover for essential entities, and 7 million EUR or 1.4% of turnover for important entities. Additionally, management can be personally sanctioned, including temporary bans from holding management positions.

Question 4

When must organizations register under NIS2?

Accepted Answer

Registration deadlines vary by EU member state. Organizations must register with their national competent authority (e.g., DNSC in Romania, BSI in Germany, ANSSI in France). Check with your national authority for specific deadlines. Registration typically requires information about the organization, services provided, and the NIS contact person.

Question 5

What are the NIS2 incident reporting requirements?

Accepted Answer

Significant incidents must be reported to the competent authority within 24 hours (early warning), 72 hours (full notification), and a final report within 1 month. Annual compliance reports are also required.

Question 6

What security measures are mandatory under NIS2?

Accepted Answer

NIS2 requires implementing technical and organizational measures for risk management, including: security policies, incident management, business continuity, supply chain security, cryptography, access control, and vulnerability management.

Question 7

How can NIS2 Manager help?

Accepted Answer

NIS2 Manager is a platform that simplifies the NIS2 compliance process. It offers: free eligibility calculator, self-assessment with 140+ security controls, automatic document and report generation, evidence management, deadline notifications, AI assistant for guidance, and authority registration preparation.

Question 8

How much does NIS2 Manager cost?

Accepted Answer

NIS2 Manager offers multiple plans: a free plan with basic functionality, and paid plans for medium and large organizations with advanced features. Visit the pricing page for current details.

Question 9

What are national competent authorities?

Accepted Answer

Each EU member state has designated a national competent authority responsible for NIS2 implementation. Examples include DNSC (Romania), BSI (Germany), ANSSI (France), NCSC (Netherlands), and CCB (Belgium). These authorities receive entity registrations, manage incident reports, and may conduct compliance audits.

Question 10

What happens if I don't comply in time?

Accepted Answer

Non-compliance can lead to substantial fines (up to 10M EUR or 2% of turnover), personal liability for management, remediation orders from authorities, reputational damage, and in serious cases, suspension of operating permits.

NIS2 Questions Answered

Still have questions?