Bottom line: Numerous enterprises have significant catching up to do in the practical implementation of NIS2 requirements.
The NIS2 Directive obligates enterprises in the EU to meet elevated cybersecurity standards, yet a large number of organizations are not yet at the required level of implementation.
The NIS2 Directive (Network and Information Security) establishes binding cybersecurity standards for enterprises in the DACH region and the EU. It mandates measures for risk analysis, securing critical systems, and mandatory reporting of security incidents. The scope extends beyond traditional critical infrastructure operators to include large enterprises in sectors such as energy, transport, banking and healthcare, as well as important digital service providers.
Compliance officers must ensure that their organizations meet legal requirements – from implementing technical control measures and documenting security processes to conducting regular security audits and providing employee training. NIS2 also establishes heightened responsibility for management, which must directly engage with cybersecurity governance.
The implementation status reveals that many enterprises have not yet fully grasped the extent of the requirements or lack the resources and expertise to implement them. Compliance teams must therefore quickly conduct an inventory assessment, identify gaps, and establish a structured implementation plan to avoid fines and reputational damage.
Source: news.google.com · Published 9 June 2026
Lumi AI News — AI-assisted curation according to Article 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.6.5.