NIS2 Directive
In Simple Terms
The EU's updated cybersecurity directive that expands security requirements to more sectors and imposes stricter incident reporting and management liability rules.
Formal Legal Definition
Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union, replacing the original NIS Directive (2016/1148) and expanding scope, obligations, and enforcement.
Practical Example
A medium-sized Finnish energy company must now implement cybersecurity risk management measures, report significant incidents within 24 hours, and ensure management bodies are trained in cybersecurity.
Why It Matters
NIS2 significantly expands the scope of EU cybersecurity obligations and introduces personal liability for management bodies, making cybersecurity a board-level responsibility.
Common Misunderstandings
NIS2 is a Directive, not a Regulation — each member state implements it through national law. Finland's implementation may impose requirements beyond the EU minimum.
How snowLEX helps with NIS2 Directive
snowLEX can explain NIS2 requirements, identify which entities fall in scope, and show how Finland has implemented the directive in national law.