{"id":8521,"date":"2025-08-21T14:50:29","date_gmt":"2025-08-21T14:50:29","guid":{"rendered":"https:\/\/nilex.se\/uncategorized\/vad-innebar-nis2-och-varfor-behover-du-agera-nu\/"},"modified":"2026-02-12T08:33:41","modified_gmt":"2026-02-12T08:33:41","slug":"what-does-nis2-mean-and-why-do-you-need-to-take-action-now","status":"publish","type":"post","link":"https:\/\/nilex.se\/en\/blog-en\/what-does-nis2-mean-and-why-do-you-need-to-take-action-now\/","title":{"rendered":"What does NIS2 mean \u2013 and why do you need to act now?"},"content":{"rendered":"\n

NIS2 is the EU’s new directive on cybersecurity \u2013 and it affects significantly more businesses than before. The goal? To strengthen the protection of critical services in society by increasing resilience to cyber threats, incidents and inadequate risk management. But for many companies, it also means a new reality: responsibilities, requirements and obligations that must be understood, documented \u2013 and followed up on.<\/p>\n\n

<\/div>\n\n

Background: from NIS to NIS2<\/strong><\/h2>\n\n

The first version of the NIS Directive (Network and Information Security) came into force in 2018. It focused primarily on security requirements for a number of designated sectors such as energy, transport and digital infrastructure.<\/p>\n\n

But reality has changed rapidly. Cyber attacks are more sophisticated, more industries are dependent on digital flows \u2013 and the definition of what counts as "critical infrastructure" has broadened.<\/p>\n\n

Therefore, the old directive is now being replaced by NIS2, which sets higher and more uniform requirements for technology, management and documentation.<\/p>\n\n

<\/div>\n\n

Who is covered by NIS2?<\/strong><\/h3>\n\n

One of the biggest changes with NIS2 is how much broader the directive is compared to its predecessor. It no longer applies only to a few critical infrastructure operators \u2013 now it includes a wide range of activities, both in the public and private sectors.<\/p>\n\n

If your organisation offers digital services or infrastructure in areas such as IT, municipal services, property management, customer service, HR-related functions or the manufacturing and logistics sector, there is a good chance that you are covered by NIS2. This also applies to operators acting as subcontractors in any of these sectors \u2013 even there, risks in the supply chain must be managed in accordance with the directive.<\/p>\n\n

For many, this means thinking more proactively about structures for case management, security incidents and roles and responsibilities. A unified case management system \u2013 supporting both technical and non-technical departments \u2013 becomes a central part of meeting traceability and documentation requirements.<\/p>\n\n

Companies that already work according to frameworks such as ITIL incident management or Enterprise Service Management<\/a> (ESM) often have a head start. They already have established processes for handling incidents, following up on cases and documenting measures. But even there, NIS2 may require that the systematisation be broadened and that management be more directly involved.<\/p>\n\n

<\/div>\n\n

There are two main criteria that determine this:<\/p>\n\n

    \n
  • Industry\/sector<\/strong> \u2013 are you on the list of critical or essential businesses?<\/li>\n\n\n\n
  • Size<\/strong> \u2013 do you have more than 50 employees or an annual turnover exceeding \u20ac10 million?<\/li>\n<\/ul>\n\n

    If you meet both criteria, there is a good chance that you are covered. In that case, it will soon be a legal requirement to comply with the directive’s rules.<\/p>\n\n

    <\/div>\n\n

    This is what NIS2 requires of you<\/strong><\/h3>\n\n

    It’s not just about installing firewalls. NIS2 has a broader scope:<\/p>\n\n

    Management responsibility<\/strong>: The board and management bear ultimate responsibility for ensuring that security work is carried out in accordance with requirements.<\/p>\n\n

    Risk management and action plans<\/strong>: You must identify risks, prevent incidents and have procedures in place to deal with them if they occur.<\/p>\n\n

    Incident reporting<\/strong>: Security incidents must be reported within 24 hours.<\/p>\n\n

    Supply chain<\/strong>: You are also responsible for external actors that affect your digital security.<\/p>\n\n

    Continuous documentation<\/strong>: You should be able to demonstrate how you work with compliance and improvement.<\/p>\n\n

    It is therefore a question of technology, processes and culture.<\/p>\n\n

    <\/div>\n\n

    From demands to concrete action<\/strong><\/h4>\n\n

    Many organisations are now facing the same questions: Where should we start? What do we need to do? Do we already have some elements in place?<\/p>\n\n

    The first step is to understand your current situation. Do you have control over which systems and flows are critical? Are there procedures in place for incident management? Is security work documented and supported by management?<\/p>\n\n

    The next step is to identify the gaps and develop a concrete action plan. A structured case management system can play an important role here, particularly in terms of incident reporting, traceability, responsibility allocation and follow-up.<\/p>\n\n

    <\/div>\n\n

    NIS2 is not just a set of rules \u2013 it is an opportunity<\/strong><\/h3>\n\n

    Sure, NIS2 may feel like an administrative requirement. But it is also an opportunity to strengthen your business’s resilience \u2013 and build a more secure foundation for your operations. By actively working with cyber security, you not only get happier customers and partners \u2013 you also reduce the risk of downtime, data breaches or costly disruptions.<\/p>\n\n

    And perhaps most importantly, you demonstrate that you take responsibility for the digital trust that modern businesses rely on.<\/p>\n\n

    <\/div>\n","protected":false},"excerpt":{"rendered":"

    NIS2 is the EU’s new directive on cybersecurity \u2013 and it affects significantly more businesses than before. The goal? To strengthen the protection of critical services in society by increasing resilience to cyber threats, incidents and inadequate risk management. But for many companies, it also means a new reality: responsibilities, requirements and obligations that must […]<\/p>\n","protected":false},"author":1,"featured_media":6942,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[43],"tags":[],"class_list":["post-8521","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-en"],"yoast_head":"\nWhat does NIS2 mean \u2013 and why do you need to act now? | Nilex<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nilex.se\/en\/blog-en\/what-does-nis2-mean-and-why-do-you-need-to-take-action-now\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What does NIS2 mean \u2013 and why do you need to act now? | Nilex\" \/>\n<meta property=\"og:description\" content=\"NIS2 is the EU’s new directive on cybersecurity \u2013 and it affects significantly more businesses than before. The goal? To strengthen the protection of critical services in society by increasing resilience to cyber threats, incidents and inadequate risk management. But for many companies, it also means a new reality: responsibilities, requirements and obligations that must […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nilex.se\/en\/blog-en\/what-does-nis2-mean-and-why-do-you-need-to-take-action-now\/\" \/>\n<meta property=\"og:site_name\" content=\"Nilex\" \/>\n<meta property=\"article:published_time\" content=\"2025-08-21T14:50:29+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-12T08:33:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/nilex.se\/wp-content\/uploads\/2025\/08\/Miljobild14-min-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2500\" \/>\n\t<meta property=\"og:image:height\" content=\"1666\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"nilex_admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"nilex_admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What does NIS2 mean \u2013 and why do you need to act now? | Nilex","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/nilex.se\/en\/blog-en\/what-does-nis2-mean-and-why-do-you-need-to-take-action-now\/","og_locale":"en_US","og_type":"article","og_title":"What does NIS2 mean \u2013 and why do you need to act now? | Nilex","og_description":"NIS2 is the EU’s new directive on cybersecurity \u2013 and it affects significantly more businesses than before. The goal? To strengthen the protection of critical services in society by increasing resilience to cyber threats, incidents and inadequate risk management. But for many companies, it also means a new reality: responsibilities, requirements and obligations that must […]","og_url":"https:\/\/nilex.se\/en\/blog-en\/what-does-nis2-mean-and-why-do-you-need-to-take-action-now\/","og_site_name":"Nilex","article_published_time":"2025-08-21T14:50:29+00:00","article_modified_time":"2026-02-12T08:33:41+00:00","og_image":[{"width":2500,"height":1666,"url":"https:\/\/nilex.se\/wp-content\/uploads\/2025\/08\/Miljobild14-min-1.png","type":"image\/png"}],"author":"nilex_admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"nilex_admin","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nilex.se\/en\/blog-en\/what-does-nis2-mean-and-why-do-you-need-to-take-action-now\/#article","isPartOf":{"@id":"https:\/\/nilex.se\/en\/blog-en\/what-does-nis2-mean-and-why-do-you-need-to-take-action-now\/"},"author":{"name":"nilex_admin","@id":"https:\/\/nilex.se\/en\/#\/schema\/person\/2f40d971d740db14580101a64f44c6f1"},"headline":"What does NIS2 mean \u2013 and why do you need to act now?","datePublished":"2025-08-21T14:50:29+00:00","dateModified":"2026-02-12T08:33:41+00:00","mainEntityOfPage":{"@id":"https:\/\/nilex.se\/en\/blog-en\/what-does-nis2-mean-and-why-do-you-need-to-take-action-now\/"},"wordCount":738,"publisher":{"@id":"https:\/\/nilex.se\/en\/#organization"},"image":{"@id":"https:\/\/nilex.se\/en\/blog-en\/what-does-nis2-mean-and-why-do-you-need-to-take-action-now\/#primaryimage"},"thumbnailUrl":"https:\/\/nilex.se\/wp-content\/uploads\/2025\/08\/Miljobild14-min-1.png","articleSection":["Blog"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/nilex.se\/en\/blog-en\/what-does-nis2-mean-and-why-do-you-need-to-take-action-now\/","url":"https:\/\/nilex.se\/en\/blog-en\/what-does-nis2-mean-and-why-do-you-need-to-take-action-now\/","name":"What does NIS2 mean \u2013 and why do you need to act now? | Nilex","isPartOf":{"@id":"https:\/\/nilex.se\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nilex.se\/en\/blog-en\/what-does-nis2-mean-and-why-do-you-need-to-take-action-now\/#primaryimage"},"image":{"@id":"https:\/\/nilex.se\/en\/blog-en\/what-does-nis2-mean-and-why-do-you-need-to-take-action-now\/#primaryimage"},"thumbnailUrl":"https:\/\/nilex.se\/wp-content\/uploads\/2025\/08\/Miljobild14-min-1.png","datePublished":"2025-08-21T14:50:29+00:00","dateModified":"2026-02-12T08:33:41+00:00","breadcrumb":{"@id":"https:\/\/nilex.se\/en\/blog-en\/what-does-nis2-mean-and-why-do-you-need-to-take-action-now\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nilex.se\/en\/blog-en\/what-does-nis2-mean-and-why-do-you-need-to-take-action-now\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/nilex.se\/en\/blog-en\/what-does-nis2-mean-and-why-do-you-need-to-take-action-now\/#primaryimage","url":"https:\/\/nilex.se\/wp-content\/uploads\/2025\/08\/Miljobild14-min-1.png","contentUrl":"https:\/\/nilex.se\/wp-content\/uploads\/2025\/08\/Miljobild14-min-1.png","width":2500,"height":1666,"caption":"Leende team i m\u00f6tesrum; man i jeansskjorta i fokus och kollegor vid laptop i bakgrunden \u2013 modernt kontor och samarbete."},{"@type":"BreadcrumbList","@id":"https:\/\/nilex.se\/en\/blog-en\/what-does-nis2-mean-and-why-do-you-need-to-take-action-now\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Hem","item":"https:\/\/nilex.se\/en\/"},{"@type":"ListItem","position":2,"name":"What does NIS2 mean \u2013 and why do you need to act now?"}]},{"@type":"WebSite","@id":"https:\/\/nilex.se\/en\/#website","url":"https:\/\/nilex.se\/en\/","name":"Nilex","description":"\u00c4rendehanteringssystem som f\u00f6rvandlar din organisation med automatisk \u00e4rendeprioritering","publisher":{"@id":"https:\/\/nilex.se\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nilex.se\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/nilex.se\/en\/#organization","name":"Nilex","url":"https:\/\/nilex.se\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/nilex.se\/en\/#\/schema\/logo\/image\/","url":"https:\/\/new.nilex.se\/wp-content\/uploads\/2025\/06\/logo_nilex.svg","contentUrl":"https:\/\/new.nilex.se\/wp-content\/uploads\/2025\/06\/logo_nilex.svg","width":149,"height":25,"caption":"Nilex"},"image":{"@id":"https:\/\/nilex.se\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/nilex.se\/en\/#\/schema\/person\/2f40d971d740db14580101a64f44c6f1","name":"nilex_admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/1e15ff7dec39b2c16dc9c192a9b2240c4bf677fee8346ac0bbd267521712623d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/1e15ff7dec39b2c16dc9c192a9b2240c4bf677fee8346ac0bbd267521712623d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1e15ff7dec39b2c16dc9c192a9b2240c4bf677fee8346ac0bbd267521712623d?s=96&d=mm&r=g","caption":"nilex_admin"},"sameAs":["https:\/\/new.nilex.se"],"url":"https:\/\/nilex.se\/en\/author\/nilex_admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nilex.se\/en\/wp-json\/wp\/v2\/posts\/8521","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nilex.se\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nilex.se\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nilex.se\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nilex.se\/en\/wp-json\/wp\/v2\/comments?post=8521"}],"version-history":[{"count":1,"href":"https:\/\/nilex.se\/en\/wp-json\/wp\/v2\/posts\/8521\/revisions"}],"predecessor-version":[{"id":8887,"href":"https:\/\/nilex.se\/en\/wp-json\/wp\/v2\/posts\/8521\/revisions\/8887"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nilex.se\/en\/wp-json\/wp\/v2\/media\/6942"}],"wp:attachment":[{"href":"https:\/\/nilex.se\/en\/wp-json\/wp\/v2\/media?parent=8521"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nilex.se\/en\/wp-json\/wp\/v2\/categories?post=8521"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nilex.se\/en\/wp-json\/wp\/v2\/tags?post=8521"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}