Skip to main content

Overview

FieldValue
CELEX32022L2555
StatusActive
Articles46
Recitals144
EUR-LexView Official Text

Compliance Deadlines

DateTypeDescription
2022-12-27Entry into forceDirective enters into force
2024-10-17TranspositionMember States transposition deadline

Stakeholder Roles

The NIS2 Directive defines obligations for the following stakeholder roles:
  • manufacturer - Providers of digital products and services
  • importer - Entities importing digital services into the EU
  • distributor - Service providers in the supply chain
  • authorized_representative - EU representatives for non-EU entities
  • notified_body - Designated conformity assessment bodies
  • market_surveillance - National competent authorities
  • consumer - Users of essential and important services

Requirement Types

Requirements in NIS2 are classified as:
  • obligation - Mandatory cybersecurity risk management measures
  • prohibition - Restricted practices and non-compliant behaviors
  • right - Rights of entities and users
  • procedure - Incident reporting and notification procedures
  • general - General provisions and scope definitions

API Usage

Key Topics

  • Essential and important entity classification
  • Cybersecurity risk management measures
  • Incident reporting obligations (early warning, incident notification, final report)
  • Supply chain security requirements
  • Management body liability
  • Information sharing and cooperation