Companies and organizations must take appropriate and proportionate technical, operational and organizational measures to manage cybersecurity risks and to prevent or mitigate any damage.
In the NIS2 Directive, there are 10 overall minimum requirements that companies and organizations must meet.
NIS2 also requires companies to report to the authorities if they are affected by a cybersecurity incident.
In addition, the new rules impose stricter requirements for governance and anchoring in management.
You can find out more about the new legislation on these pages: