According to the World Economic Forum’s (WEF) 2023 Global Risks Report, cybersecurity is in the current and future top 10 risks globally, and the cost of cybercrime is projected to hit an annual US$10.5 trillion by 2025. To protect themselves, businesses and individuals, legislators worldwide are introducing and updating regulations to counter this significant threat. In the European Union, the latest piece of legislation aiming to achieve this is the Network and Information Systems Directive (NIS) 2. 

What is NIS2?

NIS2 is an updated regulatory framework established by the European Union aimed at enhancing the security and resilience of essential services and digital infrastructure across member states. The directive builds upon the original NIS Directive, expanding its scope and introducing stricter security requirements. As cyber threats continue to evolve, NIS2 represents a significant step forward in safeguarding critical operations against disruptions and cyberattacks.

What is the aim of NIS2?

NIS2 aims to bolster the overall security posture of businesses across the EU by establishing a harmonized framework for cybersecurity. The directive seeks to ensure that organizations within its scope adopt robust security measures, maintain a high level of resilience, and are prepared to respond effectively to incidents. By enhancing cooperation and information sharing among member states, NIS2 also aims to create a more coordinated response to cybersecurity threats at the EU level.

What are the key requirements of NIS2 and when does it come into effect?

NIS2 introduces several key requirements for organizations, including:

Risk management

Implementing appropriate technical and organizational measures to manage security risks


Reporting significant incidents to relevant authorities within 24 hours

Risk assessment & prevention

Conducting regular risk assessments and taking preventive actions

Supply chain security

Ensuring the security of supply chains and service providers

Backup & disaster recovery

Implementing secure backup and disaster recovery solutions

NIS2 is set to come into effect in 2024, with member states required to transpose the directive into national law by October 2024. Organizations within its scope must ensure compliance by this deadline to avoid potential penalties.

Who has to comply with NIS2?

NIS2 categorizes organizations into two main groups: essential and important entities.

  • Essential entities include sectors such as energy, transport, banking, financial market infrastructures, health, drinking water, digital infrastructure and public administration.
  • Important entities cover other sectors like postal services, waste management, chemicals, food and manufacturing.

Both groups have specific size thresholds, although it is worth noting that an entity may still be considered “essential” or “important” even if it does not meet the size criteria. This can be the case if it is the sole provider of a critical service for societal or economic activity in a member state.

What are some of the key requirements of the NIS2 Directive?


Secure backups and in-depth reporting

One of the critical components of NIS2 is the mandate for secure backups and comprehensive reporting mechanisms. These measures are essential for ensuring that organizations can quickly recover from cyber incidents and maintain business continuity.

Disaster recovery/crisis management

Disaster recovery and crisis management are crucial aspects of NIS2. Organizations must have robust plans to restore data swiftly in the event of a disaster. Whether it's a cyber-attack, human error, natural disaster, or system failure, the ability to recover data promptly is vital for minimizing downtime and financial loss.


To ensure compliance and operational effectiveness, companies are required to perform regular inspections and analyses of backup systems, logs, and reports. This auditability helps verify that backups are conducted according to the company's policies and standards, ensuring data integrity and availability.

Ensure NIS2 compliance with CloudM Backup

At CloudM, we understand the critical importance of secure and reliable data backups. Our solutions are designed to help businesses meet the stringent requirements of NIS2 with ease.

CloudM offers secure backup solutions that ensure your business data is protected against all threats. Our services include:

  • Secure encryption in transit and at rest: we use advanced encryption protocols to protect your data at all stages, ensuring compliance with ISO 27001.
  • Broad and granular restoration options: Whether you need a mass restore, folder restoration, or item-specific recovery, CloudM provides flexible options to suit your needs and ensure you can restore crucial files when you need to.
  • User-friendly dashboards and secure audit logs: ensure your backup policies and processes are in line with internal guidelines and external regulatory requirements using CloudM Backup’s extensive logs, reporting dashboards and notifications.

Become NIS2 compliant today

Latest resources


CloudM’s July release sees new features and improvements for Migrate, Backup, Archive and Automate


Find out more

NIS2: What is it and what do you need to do?


Find out more

What is HIPAA and how can you comply?


Find out more
  • CloudM’s July release sees new features and improvements for Migrate, Backup, Archive and Automate


  • NIS2 Directive: Are you prepared

    NIS2: What is it and what do you need to do?


  • What is HIPAA and how can you comply?


Back to Resources