NIS2 Directive: what is it, how to prepare, and which sectors are included?
7 March 2023
The Road to NIS2 Compliance – Is Your Organization Ready?
The EU’s NIS2 Directive on the security of network and information systems, aimed at strengthening cyber defense and promoting a more proactive approach to cybersecurity, will come into effect in Denmark on July 1, 2025.
Now implemented into Danish law, the directive is designed to enhance cybersecurity across thousands of companies and organizations delivering essential services in various critical sectors. These entities will be required to implement appropriate and proportionate security measures to minimize the impact of cyberattacks and other security incidents.
NIS2 also introduces stricter reporting requirements for significant incidents to national authorities. Executive accountability is being reinforced, and substantial fines may be imposed for non-compliance.
So, how can you prepare – and what should you prioritize to meet these new, heightened requirements?
At Orange Cyberdefense, we offer strategic and operational guidance to help organizations comply with NIS2. We've developed a range of NIS2-relevant security solutions, with a strong focus on Managed Security Services that help ensure a robust cyber defense.
Our Governance, Risk & Compliance (GRC) team helps “translate” NIS2 requirements into actionable steps, making compliance easier to understand and manage. Our specialists ensure that cybersecurity is prioritized throughout your organization, and that your investments support resilience, competitiveness, growth, and long-term development — from strategic planning to operational implementation, monitoring, and management of your security solutions.
Learn more about NIS2 on the website of the Danish Civil Contingency Agency: https://www.cfcs.dk/NIS2
NIS2 Check
All companies and organizations can now get a preliminary assessment of whether they fall under the scope of the NIS2 requirements using a new tool from Sikker Digital. Find out if your organization is affected here: https://www.nis2tjek.sikkerdigital.dk/
What is NIS2?
NIS2 comes into effect in Denmark on July 1, 2025
Background: NIS2 is an EU directive adopted in 2022 aimed at strengthening cybersecurity across several critical sectors.
Who is Covered by the NIS2 Legislation?
- Companies with at least 50 employees or an annual turnover exceeding €10 million
- Companies performing critical functions (e.g., in energy, healthcare, food, finance, transport, communications, waste, water supply and public administration)
- Subcontractors and suppliers to companies or organizations operating within critical infrastructure
Sanctions and Enforcement
- In Denmark, the Danish Civil Contingency Agency (Styrelsen for Samfundssikkerhed) is the supervisory authority for NIS2.
- In principle, the agency can issue fines from day one to organizations that fail to meet NIS2 requirements. However, initial efforts will focus on guidance and official notices.
- Organizations that do not comply with the directive may face substantial fines of up to €10 million or 2% of their global annual revenue, whichever is higher.
- For the first time, executive management and boards of directors will also bear legal responsibility for ensuring that cybersecurity is effectively managed within their organizations.
NIS2 Requirements Are Complex – But Compliance Doesn’t Have to Be
At Orange Cyberdefense, we understand the importance of cybersecurity and the need to adapt to evolving regulatory demands.
Let us guide you on your path to compliance — and bring you one step closer to a safer, more secure cyber defense.
Learn more
NIS2 Puts Leadership Accountability in the Spotlight
The purpose of NIS2 is to establish a common minimum level of security measures across critical institutions, organizations, and businesses in the EU — reducing the risk of cyberattacks and strengthening cybersecurity across member states.
In total, around 150,000 European organizations will be affected by the directive — including approximately 1,500 in Denmark. That’s nearly ten times more than under the original NIS1 directive. With NIS2, organizations will be required to ensure that their cybersecurity officers can map and assess costs, resources, and services — and effectively identify and communicate potential cybersecurity risks to senior leadership.
Under NIS2, executive accountability is also reinforced. In most cases, the board of directors will be considered the governing body — and in organizations without a board, the executive management takes that role. These governing bodies are directly responsible for ensuring that the requirements of NIS2 are met. There is also a continued training requirement for members of the governing body.
In Denmark, liability for fines follows traditional civil law principles, where management is only held responsible if the organization has acted negligently. This is not necessarily the case in other EU countries, where NIS2 may be implemented with a stricter approach to executive liability. Therefore, it is crucial to be aware of national differences, especially if your organization operates across multiple EU jurisdictions.
We Help You Meet NIS2 Requirements
Manage Security Risks
Ensure that regular cybersecurity risk assessments are conducted.
Update Response Plans
Review, update, and strengthen your organization’s risk management programs and incident response plans.
Protect Against Cyberattacks
Implement technical and organizational measures that safeguard your organization from cyber threats.
Detect, Report, and Respond to Cybersecurity Incidents
Enhance resilience and raise employee awareness through targeted training.
Minimize the Impact of Cyber Incidents
Effectively manage risks and build strong cyber resilience across your organization.
How to Secure Your OT Systems Under NIS2
The NIS2 Directive goes beyond traditional IT security and directly impacts OT (Operational Technology) environments within critical industries. As industrial systems become increasingly connected to enterprise networks and cloud services, the attack surface expands — making OT a clear target for cyber threats.
To comply with NIS2, it is essential to strengthen security within the OT environment. This requires better visibility and the implementation of proactive measures to enhance cyber resilience.
Achieving compliance doesn’t have to be a burden — in fact, it can be a catalyst for stronger security, greater operational stability, and a real competitive advantage. With the right strategy, NIS2 can become an opportunity to future-proof your OT environment and stay ahead of the ever-evolving cyber threat landscape.
How to achieve NIS2 complianceKey OT Security Focus Areas for NIS2 Compliance
The NIS2 Directive introduces a range of enhanced cybersecurity requirements — including for Operational Technology (OT). Below is an overview of the key areas you should prioritize. Each focus area is critical as it helps build the necessary resilience in your cyber defense, strengthens your ability to withstand cyberattacks, and ensures compliance with NIS2 regulations.
Learn more
Visit Our OT Showroom in Lyon
Experience firsthand how we protect your complex OT environments and help you achieve NIS2 compliance.
In our unique OT Showroom in Lyon, you can see industrial cybersecurity in action, as it functions in the real world. Witness how threats are handled, how advanced security solutions work, and how we ensure the operation of your critical OT systems.
Gain inspiration and insights into the specific solutions that build resilience, strengthen your cyber defense, and protect your OT systems from serious cyberattacks that could lead to downtime and significant financial losses.
Get a deep dive into OT security. Take the first step toward a more secure OT environment with us.
Learn more about our OT Showroom
NIS2 is not just about meeting new, stricter requirements – it’s about building a robust cybersecurity readiness that protects your entire business. Cybersecurity is no longer just an IT issue — it’s a leadership responsibility that requires oversight and strategic integration within the business. Many organizations are unsure where to start and how to achieve compliance. At Orange Cyberdefense, we turn the requirements into tangible action — from analysis and advisory services to the implementation of solutions and governance processes, as well as operations and monitoring. We help leadership understand the risks and make decisions that ensure both compliance and business resilience.
Read more about NIS2
July 1st Is the New Date for NIS2 Implementation in Danish Legislation
15 October 2024
NIS2 in Practice – How We Support Your Cybersecurity – From Analysis and Strategy to Ongoing Security Operations
30 April 2025
Dear Executives – Your Cybersecurity Teams Are Lacking Direction
23 October 2024
NIS2 Compliance: Is Your Organization Ready?
15 October 2024
Danish Implementation of NIS2 Legislation Postponed – Again!
15 February 2024
What NIS2 means for Operational Technology (OT)
18 June 2024
NIS2: Boosting OT Security in a New Regulatory Landscape
22 November 2023
NIS 2 Directive: what are the impacts for SMEs and local government?
18 January 2023
DORA's ICT-risk framework: who's responsible for what?
13 October 2023
Why the DORA Regulation is not just a ‘financial sector’ version of the NIS2
11 October 2023
Expert Advice: Achieving NIS2 compliance as an OT leader
3 March 2025
Learn more about NIS2 & Microsoft
Navigating the complex world of NIS2
Explore the intricate world of NIS2 requirements with ease! As a trusted European cybersecurity leader...
Strengthen your cybersecurity strategy in preparation for NIS2
The European Network and Information Security Directive (NIS2) introduces new measures...
How we support your Microsoft investments and ensure NIS compliance
The NIS2 Directive introduces new and stricter cybersecurity requirements for both public and private organizations operating...
Get help becoming NIS2-compliant
Talk to one of our NIS2 experts today
Global cybersecurity expertise — locally delivered
At Orange Cyberdefense, we help protect your business around the world with local presence and deep expertise. We combine the strength of a global organization with the focus and agility of a local partner.
We’re one of Europe’s leading cybersecurity providers, with 25 years of experience in Cyber Security, Managed Security Services, and Threat Intelligence. We are recognized as a leading MSS provider by information tech- nology research and advisory companies such as Gartner, Forrester, and IDC.
Our capabilities cover the full cybersecurity landscape — from threat monitoring, analysis, strategic consulting and advisory services to the implementation and management of advanced security platforms and solutions.
With 250+ of the industry’s top analysts working across 17 Security Operations Centers (SOCs), 15 CyberSOCs, 11 Computer Emergency Response Teams (CERT’s) and 4 Scrubbing Centers to mitigate DDoS attacks, we collect and analyze data from over 500 global information sources — 24/7 – and react fast to threats and incidents.
Today, we support over 9,000 customers in 160 countries and employ more than 3,100 cybersecurity experts worldwide. In the Nordics, our team consists of 500 employees across Denmark, Norway, and Sweden with local offices in Copenhagen, Aarhus, Malmö, Gothenburg, Stockholm and Sundsvall. Our customers include multinational companies, public organizations, and government authorities.
Together with Orange Business we are a part of Orange Group — a French telecommunications leader with over 137,000 employees and 296 million customers worldwide.