NIS2 - European Union Cybersecurity Directive
The aim of the NIS2 Directive is to ensure a common level of cyber security in the whole European Union.
Read more about the NIS 2 incident notification form
Obligations under the NIS 2 Directive entered into force 8 April 2025
- Check the Cybersecurity Act (External link) and the Information Management Act (External link) to determine whether your organisation is a NIS 2 entity. For advice, you can contact the supervisory authority of your sector.
- Register for the list of entities (External link) maintained by the supervisory authority of your sector.
- Implement the cybersecurity risk management procedure. For more information, see Traficom’s recommendation on cybersecurity risk management measures (External link), for example. The recommendation is targeted at the authorities supervising NIS 2 entities, but it also supports the entities in planning their risk management measures.
- Read more about the procedure for notifying significant incidents. You can submit notifications via the NIS 2 incident notification application (External link).
- Read the EU NIS 2 Directive (External link)
Important information on the NIS2 Directive
- To whom do the obligations apply? (External link)
- Which authorities are responsible for the supervision and guidance of different sectors? (External link)
- What obligations does the regulatory framework impose? (External link)
- Voluntary notifications to the NCSC-FI at Traficom (External link)
- NCSC-FI's services (External link)
- What kinds of roles do other authorities play in cybersecurity and data protection matters? How and when to contact them? (External link)
- Other relevant legislation (External link)