NIS2 – What every business leader needs to know about the EU’s new cybersecurity regulations

The European Union's new cybersecurity regulation, the NIS2 Directive (Network and Information Security Directive 2), entered into force on October 18, 2024, and all member states – including Hungary – are required to transpose it into their domestic legal order by October 17, 2025. The goal is clear: provide stronger protection for the European economy against digital threats.

Why is NIS2 important?

The previous NIS Directive already laid the foundations for cybersecurity for critical infrastructures, but since then the threats have become much more complex. NIS2 not only expands the scope of organizations affected, but also stricter safety requirements, stronger regulatory controls and higher fines also introduces.

Who is affected by NIS2?

The NIS2 Directive is basic and important It targets organisations from all sectors, regardless of size and legal form, if they meet specific criteria.

Basic sectors:

  • Energy (electricity, oil, natural gas)

  • Transport (air, rail, road, water)

  • Banking and financial services

  • Healthcare

  • Drinking water and wastewater treatment

  • Digital infrastructures (e.g. cloud providers, DNS providers)

  • Government agencies

  • Space exploration

Important sectors:

  • Manufacturing industry (e.g. pharmaceuticals, mechanical engineering, chemical industry)

  • Food industry

  • Postal and courier services

  • Digital service providers (e.g. online marketplaces, search engines)

  • Waste management

What are the obligations?

Based on NIS2, the organizations concerned they must implement appropriate technical and organizational measures, including:

✅ Risk assessment and management
✅ Incident management and reporting obligation
✅ Network and information security policies
✅ Access management and authorization control
✅ Cybersecurity training for employees
✅ Supply chain risk management
✅ Managerial liability – directors can be held personally liable

What happens if you don't meet the requirements?

The regulation strict sanctions The businesses concerned:

  • Serious for fines can be expected (up to several million euros),

  • They may lose their contracts (especially with state and international partners),

  • They may suffer irreparable reputational damage,

  • They may be subject to regulatory action and mandatory corrective action.

What can you do now? – Steps to compliance

  1. Identifywhether your business is affected by the sectors covered by NIS2.

  2. Start preparing.: conduct an internal audit, evaluate existing security measures.

  3. Develop an action plan for compliance.

  4. Choose a reliable professional partnerwho supports you throughout the entire process.

How does CyberOperations.hu help?

NIS2 pre-audit – assessment of the current status
Creating a compliance plan – customized measures
Professional advice and training
Risk management documentation
Development of an incident reporting and response protocol
Ongoing monitoring and support

Don't delay your preparation!

  1. October 17th is approaching dangerously. Whoever steps in time, not only suitable, but also gain a competitive advantage in the increasingly strict European regulatory environment.

📩 Contact us todayso that together we can make your business's IT system secure and compliant.

NIS2 preparation

Scroll to Top

Fill out the form below with some basic information and one of our staff will contact you within 48 hours. Take the first step towards a safer future!