Heimdal
5 Best NIS2 Compliance Software and Solution Providers
7 Privileged Access Management (PAM) Deployment Mistakes to Avoid
8 Benefits of Endpoint Detection & Response (EDR) You Should Know
8 EDR Best Practices You Need to Pay Attention to in 2025
8+ Free and Open Source Patch Management Tools for Your Company [Updated 2025]
A Guide to Effective Cloud Privileged Access Management
Admin Rights in Action: How Hackers Target Privileged Accounts
Best Automated Patch Management Software in 2025
Cybersecurity And The Patching Paralysis Problem
EDR Implementation: Essential Features, Considerations, And Best Practices
EDR vs NGAV: Which Works Better for Your Organization?
EDR vs. SIEM: Key Differences, Features, Functionality Gaps, and More
Effective Privileged Access Management Implementation: A Step-by-Step Guide
Endpoint Detection and Response: Uses, Benefits, and Trends
EPP vs. EDR [How to Choose the Best Endpoint Protection Platform]
EU Adopts New Cybersecurity Rules for Critical Infrastructure Under NIS2 Directive
How Patch Management Software Solves the Update Problem
How to Conduct a Successful Privileged Access Management Audit
How to Create an End-to-End Privileged Access Management Lifecycle
How to Defend Against the 10 Most Dangerous Privileged Attack Vectors
How to Implement Patch Management Software
How to Negotiate Your NIS2 Fine or Completely Avoid the Risk
How to Prepare for NIS2 Audits – A Compliance Expert’s View
How to Prioritize Vulnerabilities Effectively: Vulnerability Prioritization Explained
IAM vs PAM: What’s the Difference And Why It Matters
Main Types of Patch Management: A Decision-Making Guide
Modern Patch Management
NDR vs EDR: A Comparison Between the Two Cybersecurity Solutions
NIS2 Compliance – How to Do It Sustainably by Continuous Compliance
NIS2 Compliance | Challenges, Pain Points and Solutions
NIS2 Compliance Checklist
Patch Management Guide
Patch Management Policy Guide 2025 [Free Template Inside]
Patch Management vs. Vulnerability Management: A Comparison
Patch management: Best practices, implementation, and tools
PIM vs PAM vs IAM. Definitions and Roles in the Cybersecurity Strategy
Privileged Access Management (PAM) – PAM in the Cloud vs PAM for the Cloud
Privileged Access Management (PAM) Best Practices
Privileged Access Management Features: What You Need in Your PAM Solutions
Privileged access management: Best practices, implementation, and tools
Six Patch Management Best Practices [Updated 2025]
Ten Open-Source EDR Tools to Enhance Your Cyber-Resilience Factor
The 7 Key Steps of the Effective Patch Management Process
The Complete Guide to PAM Tools, Features, and Techniques
The Complete Guide: How to Create an Endpoint Detection and Response (EDR) Strategy
Top 11 Privileged Access Management Software Solutions in 2025
What Is a Privileged Access Management Policy? Guidelines and Benefits
What Is Cyber Threat Hunting? Process, Types and Solutions
What Is EDR? Endpoint Detection and Response
What Is PAM-as-a-Service (PAMaaS)?
What Is Patch Management as a Service (PMaaS) & What Can It Do For You?
What Is Patch Management? Definition, Process, Benefits, and Best Practices [UPDATED 2025]
What Is Privileged Access Management (PAM)?
What Makes Endpoint Detection and Response (EDR) Important? With Solid Use Cases
Why Is MDR Better Than EDR: Enhancing Cybersecurity in the Modern World
XDR vs. EDR – A Comparison
< Back to NIS2 Guide Go to Comply with Heimdal® >

EU Adopts New Cybersecurity Rules for Critical Infrastructure Under NIS2 Directive

Contents:

The European Commission has adopted new cybersecurity rules for critical infrastructure across the EU, taking a major step toward enhancing digital resilience.

This implementing regulation under the updated NIS2 Directive specifies cybersecurity measures for essential sectors and outlines when companies must report significant incidents to national authorities.

The rules apply to key digital service providers, including cloud computing, data centers, online marketplaces, search engines, and social networking platforms.

The regulation also defines which incidents are deemed significant enough to trigger mandatory reporting.

This adoption coincides with the deadline for Member States to incorporate the NIS2 Directive into their national laws.

Starting October 18, 2024, all EU countries are required to enforce NIS2 measures, ensuring a standardized level of cybersecurity, supervisory oversight, and enforcement across the Union.

What’s new in the NIS2 directive ?

The new NIS2 Directive balances the flexibility afforded to Member States with a uniform implementation strategy across the EU.

Here’s a breakdown of the key changes from NIS1 to NIS2 and their implications for ENISA, the European Commission, and Member States:

  • Broader Scope: NIS2 now encompasses twice as many sectors, highlighting their digital transformation and their critical economic and societal roles.
  • Classification by Size: Introduces size thresholds to differentiate between essential and important entities.
  • Enhanced Security Requirements: Expands the list of security measures based on risk assessments, adding new responsibilities for management bodies.
  • Structured Incident Reporting: Implements more organized incident reporting protocols with specific deadlines and stronger oversight for entities meeting minimum requirements.
  • Distinct Regulatory Frameworks: Establishes separate regimes for essential and important entities to facilitate cross-border cooperation.
  • ENISA’s Expanded Role: The European Union Agency for Cybersecurity (ENISA) will create a registry of cross-border entities and develop a European Vulnerability Database for the voluntary disclosure and registration of known vulnerabilities.
  • Improved DNS Data Management: Mandates that Member States maintain accurate and complete databases of domain name registration data to enhance the security, stability, and resilience of the Domain Name System (DNS).

For additional resources such as implementing act, factsheet and questions & answers about the NIS2 Directive, read the full announcement here.

Achieve Cyber Resilience with Heimdal

To see how Heimdal can help you achieve cyber resilience and comply with the NIS2 Directive, check out our compliance page.

Comply with the EU's NIS2 Directive with Heimdal

Comply Now white arrow white arrow

Get your hands on our comprehensive NIS2 Compliance Checklist, now available for download in three convenient formats: PDFWord, and Google Docs – ensuring you have everything you need to streamline your compliance.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

See More
FAQ
Frequently Asked Questions
1. When do the new NIS2 rules come into effect across the EU?
All EU Member States must implement the updated NIS2 Directive into their national laws by October 18, 2024. From this date forward, organizations operating within critical sectors will be legally required to comply with the updated cybersecurity measures, including stricter incident reporting and enhanced risk management protocols.
2. Which organizations are impacted by the NIS2 Directive?
The NIS2 Directive applies to a wider range of organizations than its predecessor. It includes essential and important entities in critical sectors such as energy, healthcare, transport, banking, digital infrastructure, cloud services, online marketplaces, data centers, and social networking platforms. The classification now also considers organization size, targeting medium and large companies that play a vital role in maintaining economic and societal stability.
3. What types of cybersecurity incidents must be reported under NIS2?
Under the NIS2 Directive, organizations must report any incident that has a significant impact on the provision of their services. This includes incidents that cause substantial disruption, lead to data breaches, or pose serious risks to users or other entities. Reports must be submitted to national authorities within 24 hours of becoming aware of the incident, followed by a more detailed report within 72 hours.
linkedin
youtube
facebook
x

resources

company

newsletter

© 2025 Heimdal®

Vat No. 35802495, Vester Farimagsgade 1, 2 Sal, 1606 København V