NIS 2 Hub
A practical hub for NIS 2: understand scope, governance & penalties, risk-management measures, and the incident-reporting timelines, plus ISO 27001 mapping and ISMS guidance to get compliant fast.

NIS 2 explained (start here)
Plain-English overview of who’s in scope, what changes, and what “good” looks like. In this article we’ll explore in detail what it is, who needs it, and how to achieve compliance.
NIS 2 Basics

Getting started with NIS 2 (guide)
If you’re approaching NIS 2 for the first time, it can be a bit intimidating. This practical starter guide helps you decide if you’re in scope, classify essential vs. important, and translate the Directive into a simple, team-ready plan.

Cybersecurity & compliance white paper
Cybersecurity regulations can seem overwhelming, and new ones are coming thick and fast. But you don’t have to go it alone. We’ve broken down everything you need to know in our latest whitepaper.

ISMS.online’s NIS 2 Framework
Explore the dedicated NIS 2 framework inside ISMS.online. Up to 78% of the work is already done for you. See how it maps directly to the Directive’s Articles 20–23 and the 13 cybersecurity risk-management measures. Every requirement from governance to supply chain oversight is pre-linked to policies, risks, and evidence areas you already use.

Get a 78% complete head-start out of the gate
Our 90-day acceleration plan is the fastest route from “we need to comply” to “we’re audit-ready.” Inside ISMS.online, each phase (scope, gap analysis, risk management, evidence gathering, and management review) is streamlined and tracked for you. Real-time dashboards, task reminders, and downloadable proof packs help teams stay on pace without extra admin.

NIS 2 made simple, scalable, and sustainable
Discover the smarter way ISMS.online now delivers NIS 2: more guidance, less guesswork, and instant alignment with EU requirements. We’ve added pre-built NIS 2 policy packs, automated article-to-control mapping, and integrated evidence tracking that makes proving compliance simple.
Take a deeper dive
Scope & entity types (essential vs important)
Use our scope guides to confirm whether NIS 2 applies, then determine if you’re an essential or important entity and what that classification changes in practice. We cover size and sector tests, edge cases (subsidiaries, non-EU companies, indirect services), and how misclassification impacts supervision and fines.
Accountability & penalties
NIS 2 raises the bar for executive accountability. Learn what the management body must approve, oversee and evidence; how supervision differs for essential vs important entities; and how penalties are triggered and sized. We include board-level reporting expectations, training proof, and common first questions from regulators.
Risk-management measures (the 13)
Go line-by-line through the 13 cybersecurity risk-management measures with plain-English actions, policy starters, and “what counts as proof.” From access control and vulnerability handling to logging, continuity and supplier oversight, we show how to implement proportionately and how to reuse ISO 27001 work where possible.
Incident reporting timelines & requirements
Master the 24-hour early warning, 72-hour update, and 30-day final report. We break down thresholds for “significant incidents,” cross-border workflow, CSIRT and NCA roles, the exact information regulators expect, and guidance on avoiding self-incrimination while staying transparent.
NIS 2 supply-chain security explained
NIS 2 puts real weight on supplier assurance. Learn how to tier suppliers, run proportionate due-diligence, and embed security clauses that auditors expect to see (vuln disclosure, reporting, audit rights, data location, crypto, exit). We also cover continuous monitoring, handling non-EU providers, and what to do when a critical supplier refuses terms.
NIS 2 FAQs
A collection of some of the most common questions about the NIS 2 directive. Every decision, contract, and action must be proven with auditable records. Learn how to ensure compliance, show trust, and turn readiness into a business advantage.
Best of the blog

NIS 2 is Coming: Here’s What UK Organisations Need to Know
NIS 2 introduces a minimum set of measures to which all organisations must adhere and will apply to all medium and large-sized organisations in the sectors deemed providers of “essential” or “important” services.

NIS 2: What The Proposed Changes Mean For Your Business
Companies providing essential services such as energy, healthcare, transport, or water may be fined up to £17 million in the UK and €10 million or 2% of worldwide turnover in the EU.

A Strategic Approach to Navigating NIS 2 and DORA Directives
Rather than managing NIS 2 and DORA separately, a strategic approach anchored in an Information Security Management System (ISMS) helps to address both sets of requirements for handling cyber risks.
Watch and listen

The Big Cybersecurity Questions Facing Businesses
Cyber threats are evolving fast. Stay ahead with expert insights on AI, cyber law, and trust, plus ten essential steps to secure your business.

What Not To Do in a Disaster
What to do—and what to avoid—when a cyber attack like WannaCry strikes, with expert insights on ransomware response, minimizing damage, and ensuring your business can recover quickly.
NIS 2 by Business Size

Get compliant. Build credibility. Grow your business.
You don’t need a compliance team to nail your compliance. Our founder-friendly platform has everything you need to get you certified fast.

Compliance confidence for small businesses
Meet your clients' regulatory requirements without slowing down or breaking the bank. IO helps you move fast, while staying secure.

Professional compliance, bigger deals
As your business scales, your compliance needs to scale with you. IO takes the mystery out of compliance, making it easy to impress your clients.

Resilient compliance for established companies
Your compliance needs to scale with your business, but that’s not an easy process. You need a platform that can keep up.

Compliance confidence for enterprise
Meet your clients' regulatory requirements without slowing down or breaking the bank. IO helps you move fast, while staying secure.
(EU) 2022/2555 (NIS 2 Directive) Articles
1 Subject matter
2 Scope
3 Essential and important entities
4 Sector-specific Union legal acts
5 Minimum harmonisation
6 Definitions
7 National cybersecurity strategy
8 Competent authorities and single points of contact
9 National cyber crisis management frameworks
10 Computer security incident response teams (CSIRTs)
11 Requirements, technical capabilities and tasks of CSIRTs
12 Coordinated vulnerability disclosure and a European vulnerability database
13 Cooperation at national level
14 Cooperation Group
15 CSIRTs network
16 European cyber crisis liaison organisation network (EU-CyCLONe)
17 International cooperation
18 Report on the state of cybersecurity in the Union
19 Peer reviews
20 Governance
21 Cybersecurity risk-management measures
22 Union level coordinated security risk assessments of critical supply chains
23 Reporting obligations
24 Use of European cybersecurity certification schemes
25 Standardisation
26 Jurisdiction and territoriality
27 Registry of entities
28 Database of domain name registration data
29 Cybersecurity information-sharing arrangements
30 Voluntary notification of relevant information
31 General aspects concerning supervision and enforcement
32 Supervisory and enforcement measures in relation to essential entities
33 Supervisory and enforcement measures in relation to important entities
34 General conditions for imposing administrative fines on essential and important
35 Infringements entailing a personal data breach
36 Penalties
37 Mutual assistance
38 Exercise of the delegation
39 Committee procedure
40 Review
41 Transposition
42 Amendment of Regulation (EU) No 910/2014
43 Amendment of Directive (EU) 2018/1972
44 Repeal
45 Entry into force
46 Addressees