Latest Stories

Stay up-to-date with everything at Approach

Publication

Whitepaper – A summary of the NIS 2 ‘essentials’

Publication date

04.03.2026

We receive a lot of questions from clients about the NIS 2 directive. What is it like and what is its purpose? How is it different from NIS 1? Does NIS 2 apply to my organization? What steps do I need to take to be in compliance? Isn’t there an overlap with the GDPR?

What does the name NIS2 Directive mean?

Network and Information Systems Directive (2nd edition)

Milestones

  • In 2016, the European Parliament adopted the NIS 1 Directive, oficially published in the Official Journal of the European Union.
  • The NIS 1 directive came into effect in 2019.​
  • A revised version, known as the NIS 2 directive, was adopted and published on November 10, 2022.
  • Subsequently, member states were granted 21 months to integrate this European directive into their respective national legislation. To be precise, all EU member states are required to incorporate the NIS 2 directives into their legislation by October 17, 2024, for them to attain enforceability.
  • In January 2025, the European Commission adopted specific implementing acts to further clarify the technical and methodological requirements for cybersecurity risk-management and to define precise reporting obligations for digital infrastructure sectors.
  • By April 17, 2025, all Member States are required to establish a formal list of essential and important entities, a crucial step that enables national regulators to initiate active supervision and oversight of the identified organizations.
  • The period of 2025 through 2026 marks the commencement of the first cycle of “Peer Reviews,” during which Member States and ENISA evaluate the effectiveness of national implementations to ensure a harmonized level of cybersecurity across the European Union.

 

Download the Whitepaper

OTHER STORIES

Approach Cyber partners with Formalize to simplify and strengthen GRC

At Approach Cyber, we are committed to making Governance, Risk & Compliance (GRC) more effective, more accessible, and better aligned with real business needs. Today, we are proud to announce our partnership with Formalize, a sovereign GRC platform that perfectly complements our expertise and vision.

Anonymisation as Strategy: Unlock data innovation while reducing risk

Anonymisation isn’t just a compliance tactic — it’s a strategic enabler that reduces risk, builds trust, and unlocks data for innovation. In this practical guide, our Data protection expert Ana-Maria Luca explains why anonymisation matters, how it strengthens smarter data governance, and how organisations can get started through a phased approach.

AI is here to stay, and so is its regulation

The EU AI Act is changing how organisations can deploy AI — depending on the risk level and their role in the value chain. Our GRC expert Kevin Lavrijssen provides a clear overview of what’s coming, when it applies, and how to take the first steps toward compliance and stronger AI governance. 

Contact us to learn more about our services and solutions

Our team will help you start your journey towards cyber serenity

Do you prefer to send us an email?

info@approach-cyber.com

Facebook-f Linkedin-in Youtube
This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.