NIS2¶
Directive (EU) 2022/2555 — cybersecurity obligations for essential and important entities across 18 sectors. Member-state transposition deadline was 17 October 2024; national implementations differ, so always check your own member state's law.
Planned branches¶
| Area | Planned artefacts |
|---|---|
| Scoping | Am-I-in-scope checklist (essential vs. important entity) |
| Governance (Art. 20) | Management-body accountability matrix |
| Risk-management measures (Art. 21) | The ten measures mapped to concrete controls and documents |
| Incident notification (Art. 23) | 24h / 72h / one-month reporting timeline reference |
| Supply chain | Supplier security requirements checklist |
Under construction
This branch opens after the core DORA set ships. New artefacts are announced on the blog.
Primary sources¶
- Directive (EU) 2022/2555 on EUR-Lex
- ENISA implementation guidance (linked per artefact)