Norivo
EU Cybersecurity

NIS2 Directive — EU Cybersecurity for Essential Services

The NIS2 Directive expands EU cybersecurity obligations to essential and important entities. Norivo maps ~40 requirements across 10 security domains, with a 70-80% overlap with ISO 27001.

~40 Requirements
10 Security Domains
€10M Max Penalty

Enforcement Timeline

Oct 2024: Member state transposition deadline
Apr 2025: Entity registration required
Oct 2025: Full enforcement begins

What is the NIS2 Directive?

The NIS2 Directive (Network and Information Security Directive 2) is the EU's updated cybersecurity legislation that significantly expands the scope and obligations of the original NIS Directive. It applies to essential entities (energy, transport, healthcare, digital infrastructure) and important entities (manufacturing, food, chemicals, digital services).

NIS2 requires organisations to implement comprehensive cybersecurity risk management measures across 10 domains, including incident handling, business continuity, supply chain security, and vulnerability management. Member states must transpose the directive into national law.

Penalties for non-compliance are significant: up to €10 million or 2% of global turnover for essential entities, and €7 million or 1.4% for important entities. The directive also introduces personal liability for management bodies who fail to approve and oversee cybersecurity measures.

70-80% overlap with ISO 27001 — if you're already certified, NIS2 compliance is significantly faster with Norivo.

Why Norivo for the NIS2 Directive?

ISO 27001 Overlap Mapping

70-80% of NIS2 requirements map directly to ISO 27001 controls. Norivo identifies the overlap and shows only what additional work is needed.

Incident Response Ready

NIS2 requires 24-hour incident notification. Norivo provides incident response workflows and templates for rapid regulatory reporting.

Supply Chain Risk

Nora assesses your supply chain security posture against NIS2 requirements and identifies vendor risk gaps automatically.

Key Requirements

Risk analysis and information system security policies
Incident handling and response procedures
Business continuity and crisis management
Supply chain security management
Security in network and information systems
Vulnerability handling and disclosure
Cybersecurity risk management assessment
Encryption and cryptography policies
Human resources security and access control
Multi-factor authentication and secure communications
Entity registration with competent authorities
Management body approval and oversight

How Norivo Helps

1. Determine your entity classification

Norivo's classification wizard determines whether you're an essential or important entity based on your sector, size, and services.

2. Map ISO 27001 overlap

Already ISO 27001 certified? Norivo maps the 70-80% overlap and identifies only the additional NIS2-specific requirements.

3. Implement and evidence

Follow guided workflows for incident handling, supply chain security, and business continuity. Auto-collect evidence from integrations.

4. Register and report

Generate registration documentation for competent authorities. Prepare incident notification templates for the 24-hour reporting window.

Get NIS2 Directive Compliant

Get set up by our team in under 48 hours.