Who is covered by NIS2?

By default, NIS2 applies to companies and organizations operating in what are called "sectors of particular critical importance" or "other critical sectors" that provide services or conduct their activities within the EU.

Sectors of particular critical importance

• Energy (electricity, district heating and cooling, oil, gas and hydrogen)
• Transportation (air, rail, water and road)
• Banking (credit institutions)
• Financial market infrastructures (marketplaces)
• ICT service management (business-to-business)
• Public administration (except the Danish Parliament, courts and the National Bank)
• Health (healthcare providers, manufacturers of pharmaceuticals, medical devices, etc.)
• Drinking water
• Waste water
• Digital infrastructure (including cloud service providers, data centers, domain name systems (DNS), top-level domain (TLD) registries and public communication networks and services)
• Space (ground infrastructure operators).

Other critical sectors

• Postal and courier services
• Waste management
• Manufacturing, production and distribution of chemicals
• Food production, processing and distribution
• Manufacturing medical devices, computers, electronic and optical products, electrical equipment, machinery, motor vehicles and other means of transportation.
• Digital providers (online marketplaces, search engines and social networking service platforms)
• Research (research institutions)

Want to know more about NIS2?

You can find out more about the new legislation on these pages:

Article: NIS2 focuses on management responsibility for cybersecurity

What is NIS2 and why is it being introduced?

What requirements does NIS2 place on businesses?

Who is covered by NIS2?

When should we be ready for NIS2?

How does my business get started with NIS2?