10 June 2025

In fact, one could argue that the original Network and Information Security (NIS) Directive was already somewhat out of date when it became effective in 2018 in that it only applied to limited types of organizations and left too many implementation details to individual member states. These among many other shortfalls.
Bear in mind, even for non-EU businesses, NIS2 has serious implications from a regulatory reach, supply chain obligations, or best-practice alignment, its baseline standards are fast becoming global norms. Here are some additional points to consider, wherever you are based:
- If you trade in the EU, you must comply with its laws, which include NIS2
- If you trade with EU businesses, they will have a duty to ensure their suppliers will not put them in breach of the new laws, so you may find yourself having to comply with it to retain your EU customers
- Finally, if you don’t fit in the first two categories and your country doesn’t have this kind legislation, it’s still good practice to see what others are doing
Find out more about this timely NIS2 Directive and how to “unleash your inner Ethan Hunt” to protect your network by reading this Why Securing the Edge for NIS2 doesn’t need to be Mission Impossible blog.