• Energy: Securing energy infrastructure is vital to prevent disruptions that could have widespread economic and social impacts.
• Transport: Protecting transport networks from cyber threats is essential for maintaining the flow of goods and people.
• Banking and Financial Services: Strengthening cybersecurity in the financial sector helps protect sensitive data and maintain trust in financial systems.
• Healthcare: Safeguarding healthcare systems from cyber-attacks is crucial for protecting patient data and ensuring the continuity of medical services.
• Digital Infrastructure: Enhancing the security of digital infrastructure supports the overall resilience of the digital economy.

• Responsibilities of Senior Management: Top management must approve and oversee the implementation of cybersecurity measures and can be held liable for non-compliance.
• Risk-Based Approach: Organisations must implement cybersecurity measures appropriate to the risks they face, considering factors like company size and the potential impact of incidents.
• Supply Chain Security: Companies must ensure that their supply chains are secure, including managing risks associated with third-party service providers.
• Incident Reporting: Significant incidents must be reported promptly, with specific deadlines for initial and detailed reports.
• Duty of Care: Organisations are encouraged to strengthen their cybersecurity posture. This can be done by leveraging tailored IT products and services.

The NIS2 Directive becomes enforceable on 17 October 2024. By this date, all EU Member States must transpose the directive into their national laws, and organisations must comply with its requirements.