Your Guide to Staying Ahead in the EU Digital Space

What is NIS2?

NIS2 is the sequel (pun intended!) to the Network and Information Systems Directive (NIS1). It’s a new EU directive aimed at strengthening cybersecurity across the European Union. Think of it as the EU’s way of saying, “Hey, let’s all be super cyber-secure, okay?”

EE and IE: What Do They Mean?

Essential Entities (EE)

These are entities that play a crucial role in maintaining vital societal and economic activities. They’re the backbone of the digital world, so to speak. If you’re an EE, the spotlight’s on you to take the lead in cybersecurity.

  • Energy
  • Transport
  • Banking
  • Financial market infrastructure
  • Health
  • Drinking water
  • Waste water
  • Digital infrastructure – cloud providers, data centers, DNS, etc.
  • ICT service management (B2B): Managed service providers and Managed Security Service Providers
  • Public administration
  • Space

Important Entities (IE) IEs are also significant but not quite as critical as EEs. Nonetheless, failure in their systems could have a domino effect on the overall digital infrastructure. So, if you’re categorized as an IE, don’t think you’re off the hook!

  • Postal and courrier services;
  • Waste management;
  • Manufacture, production and distribution of chemicals;
  • Food production, processing and distribution; Manufacturing of:
  • medical devices and in vitro diagnostic medical devices
  • computer, electronic and optical products
  • electrical equipment
  • machinery and equipment n.e.c.
  • motor vehicles, trailers and semi-trailers
  • other transport equipment Digital providers of:
  • online marketplaces
  • online search engines
  • social networking services platform

Who Should Be Listening?

1. Chief Information Security Officers (CISOs): You’re the generals in this digital army. 2. Data Protection Officers (DPOs): You’re the strategists. 3. Legal Departments: You’re the rule-makers and rule-keepers.

What’s New in NIS2?

Expanded Scope The NIS2 directive expands the scope to include more sectors and digital services. So, even if you dodged the NIS1 bullet, NIS2 might have you in its crosshairs. Stricter Requirements The new guidelines are tighter than a pair of skinny jeans. They include risk management practices, incident reporting, and more. Cross-border Collaboration NIS2 encourages EU member states to play nice and share information about cyber threats. A united cyber front, if you will.

How to Prepare for NIS2?

1. Assess Your Risks Know thy enemy and yourself. Conduct risk assessments to identify vulnerabilities and threats. 2. Update Security Measures Out with the old, in with the new. Make sure your security measures are up-to-date and aligned with NIS2 requirements. 3. Stay Informed Keep up with the latest guidelines and best practices. Remember, knowledge is your lightsaber in the battle against cyber threats


Mark September 2024 on your calendar! That’s when EU Member States are expected to transpose NIS2 into their national laws. Start your prep now to stay ahead of the curve!


That’s a warp-speed tour of NIS2 for you. The key takeaway? Start preparing now to ensure you’re not left in the digital dust when NIS2 becomes the new law of the land.

Your Next Steps: A Special Invitation from Citadelo Navigating the complexities of NIS2 can be overwhelming. That’s why Citadelo is here to guide you. From risk assessment to ensuring compliance, we’ve got you covered. Ready to embark on a secure digital voyage? Contact Citadelo today! 👉 Connect with Citadelo

About the author

Citadelo is a firm of ethical hackers on your side. We think like hackers, but we don't abuse it. On the contrary, our main goal is to reveal vulnerabilities without causing damage. We have been conducting simulated attacks for our clients since 2006
Show more from author

Related blogs