EU Directive 2022/2555 — Network and Information Security Directive 2. OneComply supports cybersecurity risk management, incident timelines, and supply-chain evidence for essential and important entities.
The NIS2 Directive (EU 2022/2555) is the EU's updated framework for achieving a high common level of cybersecurity across member states. It significantly expands the scope of the original NIS Directive, covering more sectors and imposing stricter requirements.
NIS2 applies to essential entities (energy, transport, banking, health, digital infrastructure) and important entities (postal services, waste management, manufacturing, digital providers). Organizations must implement risk management measures under Article 21 and report significant incidents within strict timelines.
Member states were required to transpose NIS2 into national law by 17 October 2024. Management bodies can be held personally liable for non-compliance, with fines up to EUR 10 million or 2% of global turnover for essential entities.
Sectors Covered: 18
Early Warning: 24h
Incident Report: 72h
From scattered evidence to structured readiness. See how OneComply maps NIS2 security measures, incident readiness, and supply-chain evidence.
| Workflow | Manual Process | With OneComply | Time Saved |
|---|---|---|---|
| Risk Management Assessment | 2–3 weeks | 2 hours | 90% |
| Incident Reporting (24h/72h) | 4–8 hours scramble | 15 minutes | 95% |
| Supply Chain Assessment | 1–2 weeks per supplier | 30 minutes | 95% |
| Cybersecurity Policy Suite | 2–3 months | 1 week | 75% |
| Board Reporting | 1–2 days | 30 minutes | 85% |
Comprehensive NIS2 coverage across all three key compliance areas with 45 pre-mapped controls.
25 mapped controls
10 mapped controls
10 mapped controls
NIS2 introduces significant penalties with personal liability for management bodies.
Essential Entities (€10M / 2%): Up to €10 million or 2% of total annual worldwide turnover, whichever is higher.
Important Entities (€7M / 1.4%): Up to €7 million or 1.4% of total annual worldwide turnover, whichever is higher.
Personal Liability (Management): Management bodies can be held personally liable. Board members must approve and oversee cybersecurity measures.
Essential Entities: Large entities in high-criticality sectors: energy, transport, banking, financial market infrastructure, health, drinking water, digital infrastructure, ICT service management, public administration, and space.
Important Entities: Medium/large entities in other critical sectors: postal services, waste management, chemicals, food, manufacturing, digital providers, and research organisations.
Sectors covered: 18
Entities in scope (est.): ~160K
EU member states: 27
Prepare NIS2 evidence for security measures, incident readiness, and supply-chain oversight while leaving national legal interpretation to your compliance team.