NIS2 compliance guides, documentation, and resources for Essential and Important Entities.
Getting Started
New to NIS2? Start here.
2 articles
Entities & Scope
Understand who is covered by NIS2.
1 article
Security Measures
Article 21 technical and organisational measures.
Incident Response
Reporting obligations and incident management.
Compliance Guides
Step-by-step implementation guides.
3 articles
Governance & Accountability
Board responsibilities and management accountability.
A comprehensive introduction to the EU NIS2 Directive — why it was created, who it applies to, and what obligations it imposes on covered entities.
Learn the difference between Essential and Important entities under NIS2, how size thresholds work, and what obligations apply to each tier.
A detailed breakdown of every security measure required by Article 21 of NIS2 — what each measure means and how to implement it in practice.
A practical guide to NIS2's incident reporting obligations — what counts as a significant incident, the three reporting stages, and what information to include in each report.
How to assess supplier cybersecurity risk, what to include in supplier contracts, and how to build an ongoing supplier monitoring programme that satisfies NIS2 Article 21(2)(d).
A practical, sequenced roadmap for achieving NIS2 compliance — from initial scoping through ongoing monitoring — with estimated timelines for each step.
Understanding the NIS2 enforcement regime — maximum fines, additional sanctions, management personal liability, and how national authorities will enforce the directive.
A step-by-step methodology for assessing your current cybersecurity posture against NIS2 requirements — including scoring frameworks and remediation prioritisation.
How NIS2 Article 20 creates direct obligations for boards and senior management — including mandatory training, personal liability, and what governing bodies must actually do.
A comprehensive comparison of what changed between the original NIS Directive and NIS2 — covering scope, sectors, fines, enforcement, and new obligations that did not exist under NIS1.
