
NIS2 directive – key changes you need to know

2025-03-11

As many essential functions in society have been digitalized, we have become significantly more vulnerable to cyber threats. With the NIS2 directive, the EU aims to accelerate efforts to establish a high standard of cybersecurity across the union. In this article, we provide background on the directive, look into how it may impact your organization, and address some common questions.

What is the NIS2 directive?

NIS2, short for “Network and Information Systems Directive 2”, is a revised version of the EU’s original NIS directive. By introducing stricter requirements for incident reporting, risk management, and continuous monitoring, it aims to strengthen the protection of essential services within the EU against cyber threats. The directive represents a broader, more unified approach and sets clearer requirements for companies and public organizations operating within 18 defined sectors. The EU adopted the updated directive in December 2022, and it came into effect at the EU level on October 18, 2024; however, it has not yet been implemented into Swedish law.

 

When will NIS2 be implemented?

In Sweden, the directive will be implemented through the cybersecurity law, originally expected to take effect in early 2025. However, a government review of its structure is still ongoing. During spring 2025, the government will present a proposal, with the latest timeline suggesting it will be implemented in the second half of 2025.

Who is covered by NIS2?

Like the original NIS directive, NIS2 applies to all organizations providing essential services. However, it also includes additional sectors and types of operations. The directive distinguishes between “essential sectors” and “important sectors,” with differences in financial consequences and procedures depending on the category.

See which industries are subject to NIS2

NIS2 also aims to strengthen supply chain security, meaning that subcontractors of essential service providers may also need to meet the new security requirements.

What does NIS2 require from organizations?

Organizations must quickly report serious incidents to the authorities and collaborate with other stakeholders to manage disruptions that affect essential services. They also need a clear plan for risk management and continuous improvement of security measures.

We’ve helped thousands of businesses build cloud solutions focused on security, scalability, and compliance. Contact us to discuss how we can help you strengthen your IT strategy for the future.

What's new in NIS2?

Key changes from the original directive include:

  • More sectors and types of operations included
  • Increased fines and stricter oversight for compliance
  • Direct accountability of corporate leadership for cybersecurity
  • Stricter requirements in the supply chain and among partners

How we meet the new requirements

At Glesys, we have extensive experience delivering IT services for security-critical operations. As an ISO 27001-certified provider, we have a strong foundation for information security, and parts of our operations are already subject to the NIS directive. While awaiting the implementation of NIS2, we are actively monitoring developments and have established a strategy to respond swiftly and efficiently to the new requirements.

Curious how we can support digital compliance? Read more about our work with compliance and security.

Johan Weréen
About the author
Johan Weréen serves as Customer Success Manager at Glesys, specializing in compliance and secure infrastructure operations. He supports organizations in navigating complex GDPR requirements, enhancing onboarding processes to improve customer experience, and reinforcing data protection practices across diverse technical environments.