

Stay compliant with the NIS2 Directive EU legislation enhancing cybersecurity resilience for essential and important entities across digital infrastructure and critical sectors.
The Network and Information Security 2 Directive (NIS2) is European Union (EU) legislation issued by the EU Parliament and Council which entered into force on 16th January 2023. All member states are required to transpose its provisions into national law from 17th October 2024. The aim of the directive is to introduce a high common level of cybersecurity across all EU member states. As a result, entities considered in scope within critical sectors will be required to comply with all relevant NIS2 provisions. This includes having acceptable cybersecurity controls in place across governance, cybersecurity risk-management measures and incident reporting obligations. Failure to comply with the provisions may lead to regulatory fines for essential entities of €10,000,000 or 2% of global annual revenue, whichever is higher, or for important entities of €7,000,000 or 1.4% of global annual revenue, whichever is higher. It is therefore important for organisations to understand their compliance position against NIS2.
NIS2 is applicable to medium and large organisations in essential and important sectors throughout the EU. Essential sectors include energy, transport, health, banking, financial market infrastructure, digital infrastructure, and public administration. Important sectors include postal, water management, and food. Organisations which have more than 50 employees or more than 10 million euros revenue are in scope for NIS2, although some smaller organisations may also be in scope.
The client is an EU-based entity and has received limited guidance from its member state on the explicit expectations for NIS2 compliance: what exactly is required and how it can be confident it is in a compliant position.
NIS2 requirements are high level and there is a lack of clarity on explicit regulatory compliance expectations.
The legislation is extensive and it is challenging to understand which articles are applicable to our organisation and whether we are in scope.
A NIS2 Gap Assessment which assesses your organisation's cyber controls against the NIS2 requirements to identify your current compliance position.
Defined remediation plans for any gaps identified during the Gap Assessment, with advisory services to help you close gaps within an acceptable timeframe.
Our assessment demonstrates to regulators that you have methodologically acted on NIS2 requirements and are clear on your compliance position.
We will leverage any current control information you have such as ISO 27001 certifications or SOC2 reports to avoid any rework and reduce stakeholder meetings and effort.
Our assessment deliverables will provide you with a fully traceable requirements-to-controls document aligned with industry-based frameworks.
For any gaps noted during our assessment we will work with you to develop remediation plans that will help you meet NIS2 requirements.
A German-based banking institution is seeking to define its regulatory compliance position more clearly as regulatory oversight increases across the European Union. The institution is unable to ascertain its current NIS2 compliance position and is keen to gain clarity on how compliance can be achieved to a level that would satisfy the regulator.
The banking institution retained Dionach to complete a NIS2 Assessment. Dionach met with the team to understand prior assessments completed on cyber controls and to identify key stakeholders. Dionach leveraged a prior NIST-based cyber maturity assessment to reconcile current controls against NIS2 requirements. Additionally, the incident response plan and associated documentation were reviewed to understand reporting time requirements and criticality definitions.
Dionach delivered a NIS2 Gap Assessment Report which gave the client a detailed view of its compliance position against the NIS2 requirements. Several control gaps were identified during the assessment and the report articulated remediation plans for them. The banking institution was now in a position where it understood which control gaps had to be closed before it could meet NIS2 requirements. The client was confident in its NIS2 position, now having a documented assessment and a clear methodological approach to NIS2 compliance.
We deliver the whole spectrum of cyber security services, from long-term, enterprise wide strategy and implementation projects to single penetration tests.
Our team works with you to identify and assess your organisation’s vulnerabilities, define enterprise-wide goals, and advise how best to achieve them.
Our recommendations are clear, concise, pragmatic and tailored to your organisation.
Independent, unbiased, personalised – this is how we define our services. We guide you to spend wisely and invest in change efficiently.