Understand NIS2.
Plain-English guides to the EU's cybersecurity directive: scope, requirements, deadlines and how to get compliant without boiling the ocean.
What is NIS2? A plain-English guide for 2026
NIS2 is the EU's biggest cybersecurity law to date: wider scope, harder requirements, real penalties. Here's what it actually means for your organisation.
Read the guideNIS2 Article 21: the 10 cybersecurity measures explained
Article 21 is the operational heart of NIS2: ten minimum measures every entity must implement and, crucially, be able to prove.
NIS2 Article 23: the 24-hour and 72-hour reporting deadlines
When a significant incident hits, the NIS2 clock starts immediately. Here's the 24h / 72h / 1-month timeline and how to hit it.
Does NIS2 apply to my company? Essential vs important entities
Not sure if you're in scope? Use the sector list and the size-threshold rule to find out, and learn what 'essential' vs 'important' actually changes.
NIS2 vs DORA: what financial entities need to know
If you're a financial entity, you're likely caught by both NIS2 and DORA. Here's how they fit together, and why you shouldn't run two evidence trails.
A NIS2 compliance checklist for 2026
A practical checklist to move from 'we think we're in scope' to 'we can prove it', without boiling the ocean.
NIS2 deadlines and penalties: fines, liability and key dates
NIS2 has teeth. Here are the dates that matter, the fines on the table, and the personal exposure for leadership.
NIS2 for the board: management accountability under Article 20
NIS2 makes cybersecurity a boardroom responsibility. Here's what Article 20 actually asks of directors, and what 'evidence' means at that level.
NIS2 supply-chain security: what Article 21 expects
Your security is only as strong as your suppliers'. NIS2 makes that explicit. Here's what supply-chain security actually requires.
NIS2 by country: how to check your national transposition
NIS2 is a directive, not a regulation, which means your real obligations live in national law. Here's how to find them.