NIS2 is on the horizon

On October 17th 2024, NIS2 will replace and update the older NIS (Network and Information System) regulations. NIS regulations for the EU and UK improve cybersecurity and cyber resilience across critical systems and infrastructure.

The EU has refreshed and expanded the scope of NIS in NIS2. If you provide any of the following services in the EU or your business offers Infomation Technologies services or products to an organisation in scope, you will want to check your business is compliant.

*The UK is still reviewing its own NIS regulation.


Sectors covered by the NIS Directive



Financial markets

Drinking water

Digital infrastructure


Health sector

Understanding NIS2

NIS2 is a set of regulations designed to enhance the cybersecurity of critical infrastructure and digital services across the European Union. Building upon its predecessor, NIS, NIS2 emphasises risk management, cooperation between Member States, and protecting essential services against cyber threats.

The NIS2 directive matters for several reasons:

Cybersecurity is a growing concern:

With cyberattacks’ increasing frequency and sophistication, bolstering cybersecurity measures has become paramount.

Protection of critical infrastructure:

NIS2 aims to protect critical infrastructure such as energy, transport, healthcare, and financial services. A successful cyberattack on these sectors could have devastating consequences, making NIS2’s provisions essential.

Cross-border collaboration:

NIS2 encourages Member States to collaborate on cybersecurity matters. In an interconnected world, cyber threats know no borders, and cooperation is vital for effective defence.

Extended scope for the NIS2 Directive

Postal & courier services

Manufacture of certain critical products

Water waste management

Public administration

Manufacture, production and distribution of chemicals

Providers of public electronic communications networks or services

Digital services

Food production, processing and distribution



Digital service providers

The countdown begins

With the NIS2 deadline just one year away, now is the time to take action. Here are some steps you can consider:

Assess your compliance:

If your organisation operates within the EU and falls under the scope of NIS2, thoroughly assess your current cybersecurity measures. Identify gaps and areas that need improvement.

Seek expert guidance:

Consider engaging cybersecurity experts who can help you navigate the complexities of NIS2 compliance. They can provide valuable insights and recommendations tailored to your specific needs.

Develop a compliance strategy:

Create a roadmap for achieving NIS2 compliance within the given timeframe. This may involve policy updates, technology upgrades, and staff training.

Stay informed:

Stay updated on any changes or clarifications to NIS2 requirements. Regulations can evolve, so you must remain informed to adapt your compliance efforts accordingly, find here. 

If you need any help regarding NIS2 compliance, Millennium Consulting offers Information security support, and if you are a Millennium+ customer, you can utilise your support time for this service.

Contact us