EU Directive 2022/2555

NIS2 is coming.
Are you ready?

The NIS2 Directive requires organisations across 18 sectors to implement cybersecurity measures — or face fines up to €10M. The clock is ticking.

Countdown to October 17, 2026

Does NIS2 apply to you?

NIS2 applies to essential and important entities in 18 sectors. If your organisation has 50+ employees or €10M+ turnover in one of these sectors, you are likely in scope.

Energy: Essential
Transport: Essential
Banking: Essential
Health: Essential
Digital Infrastructure: Essential
ICT Services: Essential
Chemicals: Important
Manufacturing: Important
Postal Services: Important
Cloud / SaaS: Important
Food: Important
Research: Important

The cost of non-compliance

Essential entities

€10M

or 2% of global annual turnover

whichever is higher

Important entities

€7M

or 1.4% of global annual turnover

whichever is higher

Management can be held personally liable under NIS2 Art. 20.

What NIS2 requires — and what SiteGuardian monitors

NIS2 Art. 21 defines 10 cybersecurity risk management measures. SiteGuardian continuously monitors the technical ones.

Art. 21(2)(a): Risk analysis and security policies (Monitored)
Regular security assessments and documented security posture.

Art. 21(2)(b): Incident handling (Monitored)
Detection, reporting (24h early warning, 72h notification), and response processes.

Art. 21(2)(c): Business continuity
Backup management, disaster recovery, and crisis management.

Art. 21(2)(d): Supply chain security (Monitored)
Security requirements for suppliers and service providers.

Art. 21(2)(e): Secure development
Security in network and information systems acquisition and development.

Art. 21(2)(f): Effectiveness assessment (Monitored)
Policies and procedures to assess cybersecurity risk management effectiveness.

Art. 21(2)(g): Cyber hygiene and training
Basic cyber hygiene practices and cybersecurity training.

Art. 21(2)(h): Cryptography and encryption (Monitored)
Policies on the use of cryptography and encryption.

Art. 21(2)(i): Access control and asset management
Human resources security, access control policies, and asset management.

Art. 21(2)(j): Multi-factor authentication (Monitored)
Use of MFA, secured communications, and emergency communication systems.

Start preparing today

Scan your website to see where you stand. SiteGuardian maps every finding to NIS2 articles — so you know exactly what to fix.

Free forever for 1 monitor. No credit card required.

Frequently asked questions

What is the NIS2 Directive?
NIS2 (Directive 2022/2555) is the EU's updated cybersecurity regulation replacing the original NIS Directive. It significantly expands the scope to cover 18 sectors and introduces stricter requirements for incident reporting, risk management, and supply chain security.

When does NIS2 take effect?
Member states had to transpose NIS2 by October 17, 2024. Most missed this deadline. Effective enforcement with penalties is expected from October 17, 2026, when national transposition laws take full effect.

Does NIS2 apply to my company?
If your organisation has 50+ employees or €10M+ annual turnover and operates in one of the 18 listed sectors (energy, transport, banking, health, digital infrastructure, ICT, manufacturing, etc.), you are likely in scope. Use our compliance check tool to find out.

What are the reporting deadlines?
Under NIS2 Art. 23: 24 hours for an early warning, 72 hours for the formal incident notification, and 1 month for the final report. SiteGuardian tracks these deadlines automatically when an incident is opened.

How does SiteGuardian help with NIS2?
SiteGuardian continuously monitors your website's security posture (encryption, headers, DNS, email authentication) and maps findings to NIS2 articles. When an incident occurs, it classifies the regulatory impact and tracks notification deadlines. Compliance reports document your measures for auditors.