My favourites

Chapter I – General provisions (Art. 1-6)

Art. 1 NIS2 - Subject matter arrow_right_alt

  1. This Directive lays down measures that aim to achieve a high common level of cybersecurity across the Union, with a view to improving the functioning of the internal market.
  2. To that end, this Directive lays down:
    1. obligations that require Member States to adopt national cybersecurity strategies and to designate or establish competent authorities, cyber crisis management authorities, single points of contact on cybersecurity (single points of contact) and computer security incident response teams (CSIRTs);
    2. cybersecurity risk-management measures and reporting obligations for entities of a type referred to in Annex I or II as well as for entities identified as critical entities under Directive (EU) 2022/2557;
    3. rules and obligations on cybersecurity information sharing;
    4. supervisory and enforcement obligations on Member States.
Close tabsclose
  • 6

Recital 6

With the repeal of Directive (EU) 2016/1148, the scope of application by sectors should be extended to a larger part of the economy to provide a comprehensive coverage of sectors and services of vital importance to key societal and economic activities in the internal market. In particular, this Directive aims to overcome the shortcomings of the differentiation between operators of essential services and digital service providers, which has been proven to be obsolete, since it does not reflect the importance of the sectors or services for the societal and economic activities in the internal market.

Art. 2 NIS2 - Scope arrow_right_alt

Art. 3 NIS2 - Essential and important entities arrow_right_alt

Art. 4 NIS2 - Sector-specific Union legal acts arrow_right_alt

Art. 5 NIS2 - Minimum harmonisation arrow_right_alt

Art. 6 NIS2 - Definitions arrow_right_alt