What is NIS2?
NIS2 is an upoming directive of the European Union whose goal is to further increase the level of cyber security at the level of the European Union. The NIS2 directive obliges all member states to adopt appropriate national laws and policies to implement its guidelines and requirements.
When does NIS2 come into force and who does it apply to?
The European Union requires all entities covered by the NIS2 directive to implement the prescribed guidelines from November 18, 2024.

NIS2 significantly expands the scope of action. In addition to operators of essential services and digital services providers, the new obligations resulting from NIS2 will also apply to the public sector and part of the private sector.

Download the free e-book!
You can request to unsubscribe or delete your data anytime
Which sectors will have to adapt?
  • health sector
  • organizations in charge of water supply
  • energy companies
  • companies whose focus is waste disposal
  • public companies dealing with drainage and sewerage
  • transport sector
  • financial sector
  • companies engaged in food production
  • other manufacturers of critical products
  • postal services
  • delivery services
What measures does NIS2 introduce?
All companies will need to implement processes and policies to better manage risks. Companies will also have the obligation to timely and transparently inform the public and all competent institutions about cyber attacks and their consequences - when and if they occur.


Medium and large organizations will need to continuously implement security policies over the information system. Companies will also need to conduct a risk analysis.

Organizations will also need to implement practices to detect and handle vulnerabilities, as well as continuously test the company's level of cyber security. Additional obligations include the use of encryption practices and multi-factor authentication and the implementation of secure video, voice and text communications.
Is there any impact on non-EU countries?
The application NIS2 directive to organizations located outside the EU depend on their classification. 

For example, TLD name registries, cloud computing, DNS, data centre service providers and content delivery network providers are subject to the requirements of NIS2, if their cybersecurity decision-making center is located within the EU.
How to prepare and how can Thales help?
Thales provides extensive data security solutions designed to assist organizations in aligning with and fulfilling their responsibilities under the NIS2 directive.

Enforce robust access control protocols

Thales CipherTrust solutions offer the capability to configure multi-layered administrative access for enterprise systems both on-premises and in cloud environments. Furthermore, SafeNet Trusted Access allows centralized management of individual user identities, authentication policies based on risk assessment, and the ability to grant or revoke access to systems in hybrid IT setups.

Monitor and oversee every instance of sensitive data access

Thales' array of data security solutions equips your organization with the necessary instruments to monitor and track data access, alongside providing audit trails for verification purposes. For instance, Thales CipherTrust data protection solutions generate audit records detailing encryption key lifecycle actions (such as creation, deletion, rotation, and revocation) and other administrative tasks, aiding in event reconstruction.

Protect transaction and personal data at rest

Thales offers solutions like CipherTrust Manager, Luna Hardware Security Modules (HSMs), and the Data Protection on Demand (DPoD) platform. These tools empower organizations to centrally administer encryption keys and deploy diverse encryption, tokenization, and data masking solutions. This ensures the protection of transactional and personal data across various storage locations, including files, folders, applications, and databases, whether on-premises, in the cloud, or within hybrid environments.
Secure financial and personal data during transmission

Thales High Speed Encryptors (HSE) offer your organization a unified platform for encrypting data during transit across all points — spanning network communication between data centers and headquarters, as well as connections to backup and disaster recovery sites, whether located on-premises or in the cloud.

Develop and maintain secure systems and applications

Thales Luna Hardware Security Modules (HSMs), accessible both on-premises and via the Luna Cloud HSM on DPoD, empower organizations to securely retain signing materials within a reliable hardware device. This guarantees the authenticity and integrity of all application code files.