NIS2 isn’t just for governments or big tech.
Thousands of organizations across Europe, from hospitals and utilities to logistics and manufacturing, are now required to comply with the EU’s updated cybersecurity directive.
The question is: Does your organization fall under NIS2?
Here’s a simple overview of who’s affected and what it means for you.
Who Must Comply with NIS2
NIS2 applies to medium and large organizations (usually 50+ employees or over €10 million in annual turnover) that operate in certain critical or important sectors.
It divides covered entities into two categories:
- Essential (Critical) Entities: These organizations provide services that are vital to the functioning of society and the economy. If they stop working, the impact would be immediate and widespread.
- Important Entities: These organizations might not be as critical to daily life, but their disruption would still have a significant impact on business and society.
Examples of Essential Sectors
- Energy – electricity, oil, gas, district heating
- Transport – air, rail, water, road operators
- Banking – credit institutions
- Financial Market Infrastructure – stock exchanges, clearing houses
- Healthcare – hospitals, clinics, laboratories
- Drinking water and wastewater management
- Digital infrastructure – internet exchange points, DNS service providers
- Public administration – central and regional government bodies
- Space
Examples of Important Entities
- Postal and courier services
- Waste management
- Chemical production and distribution
- Food and beverage production and supply chain companies
- Manufacturing of key goods – such as medical devices, electronics, machinery, or vehicles
- Digital service providers – cloud computing, data center services, content delivery networks (CDNs), online marketplaces, search engines, and social networks
- Research organizations
Other Key Rules
- Size rule: NIS2 automatically applies to medium and large organizations in these sectors.
- Exceptions: Even smaller companies may fall under NIS2 if they provide critical or unique services (for example, a small cybersecurity provider serving a hospital network).
- Supply chain impact: Organizations not directly regulated may still be affected if they act as suppliers or service providers to those under NIS2. Compliance often flows down the supply chain.
Why This Matters
Knowing whether you’re covered is the first step toward compliance.
If you operate in any of the sectors above, you’ll soon be expected to identify risks, document security measures, train staff, and prove compliance to your national authority.
That can sound complex, but it doesn’t have to be.
How Tazilla Can Help
Tazilla simplifies NIS2 compliance for organizations of all sizes.
It guides you step by step through:
- Risk analysis and management.
- Policy and documentation creation.
- Employee training.
- Audit preparation and continuous monitoring.
All in one intuitive platform, no matter your level of expertise.




