Network and Information Security Directive 2
The EU directive that replaced the original NIS Directive and dramatically expanded cybersecurity obligations across essential and important sectors like energy, health, transport, and digital infrastructure. It requires risk management measures, incident reporting within tight deadlines, and holds management bodies personally accountable. Member states transposed it into national law starting in 2024, making it the EU's baseline cybersecurity regime.