The NIS2 Directive (Network and Information Security Directive 2) is the EU’s updated cybersecurity legislation that significantly expands security requirements for Irish businesses. Here’s what Dublin companies need to know about compliance.
What is NIS2?
NIS2 is the EU’s revised directive on cybersecurity, replacing the original NIS Directive from 2016. It introduces:
- Stricter security requirements
- Broader scope covering more sectors and company sizes
- Significant penalties for non-compliance
- Mandatory incident reporting within 24 hours
- Personal liability for management
Does NIS2 Apply to Your Dublin Business?
NIS2 applies to two categories of organisations:
Essential Entities (Higher Requirements)
- Energy (electricity, oil, gas)
- Transport (air, rail, water, road)
- Banking and financial infrastructure
- Healthcare
- Water supply
- Digital infrastructure (DNS, cloud providers, data centres)
- Public administration
Important Entities
- Postal and courier services
- Waste management
- Chemical manufacturing
- Food production and distribution
- Medical device manufacturers
- Digital providers (online marketplaces, search engines, social networks)
- Any medium or large company in covered sectors
Size thresholds: Generally applies to companies with 50+ employees OR €10 million+ annual turnover. However, some critical sectors have no size exemption.
Key NIS2 Requirements
Risk Management Measures
- Risk analysis and security policies
- Incident handling procedures
- Business continuity and crisis management
- Supply chain security
- Security in network and system acquisition
- Cybersecurity training
- Cryptography and encryption policies
- Access control and asset management
- Multi-factor authentication
Incident Reporting
- 24 hours: Early warning notification
- 72 hours: Incident notification with assessment
- 1 month: Final report with root cause analysis
Penalties for Non-Compliance
| Entity Type | Maximum Fine |
|---|---|
| Essential Entities | €10 million or 2% of global turnover |
| Important Entities | €7 million or 1.4% of global turnover |
Management liability: Directors and senior management can be held personally responsible for compliance failures.
How to Prepare Your Dublin Business
- Assess applicability – Determine if NIS2 applies to your organisation
- Gap analysis – Compare current security measures against NIS2 requirements
- Implement controls – Address gaps in risk management and security
- Document everything – Policies, procedures, and incident response plans
- Train staff – Cybersecurity awareness for all employees
- Test and audit – Regular security assessments and penetration testing
- Prepare reporting – Incident detection and reporting capabilities
How Everything IT Can Help
As an ISO 27001 certified IT support company in Dublin, Everything IT helps businesses achieve NIS2 compliance through:
- Security gap assessments
- 24/7 security monitoring
- Incident response planning
- Cybersecurity training
- Backup and disaster recovery
- Network security implementation