← Full glossary

NIS2

The EU cybersecurity directive (2022/2555), which tightens the security requirements for network and information systems for essential and important entities across many sectors — such as energy, transport, health, digital infrastructure and food. Covered companies must implement risk management, address supply chain security and report significant incidents to the authorities, with substantial fines for non-compliance; management can be held personally liable. NIS2 typically applies to medium-sized and large companies in the covered sectors, but smaller suppliers are also affected indirectly through customer requirements. In Denmark the directive has been implemented by law with effect from 1 July 2025.