/

Regulation & Framework

/

NIS2

EXPERTISE

NIS2

The EU's updated cybersecurity directive expanded scope across 18 sectors, strict incident reporting, supply-chain security, and personal accountability for management.

What it is — and why it matters.

NIS2 is the EU's updated cybersecurity legislation, significantly expanding the scope and depth of obligations across member states. It replaces the original NIS Directive and reaches a much broader range of organisations including healthcare, energy, transport, digital infrastructure, public administration, manufacturing, and the food supply chain. It requires appropriate technical and organisational measures to manage cybersecurity risk, reporting of significant incidents within strict timelines, and secured supply chains. Critically, it introduces accountability for management bodies. Senior leadership can be held directly responsible for failures.

Who this affects.

NIS2 applies across 18 sectors, split into essential entities (high-criticality sectors like energy, transport, banking, health, digital infrastructure, public administration) and important entities (postal services, waste, chemicals, food, manufacturing, digital providers). It generally applies to medium-sized organisations and above, though some entities are in scope regardless of size.

What's involved

How we help.

Scoping & applicability | Essential vs important, sector and supply-chain analysis to confirm if and how NIS2 applies to you.

Gap analysis | A clear read of where you stand against NIS2's requirements.

Governance & accountability | The structures and management oversight the directive demands.

Risk-management measures | The technical and organisational measures, designed and orchestrated.

Incident response & reporting | Processes that meet the 24h / 72h / one-month timelines.

Supply-chain security | Assessing and governing the suppliers in your scope.

Ongoing managed compliance | Run as part of your managed office, not a one-off project.

Compliance

Within your managed office.

NIS2 sits under Compliance and connects directly to Governance and Risk. We build it into your Managed Security & Risk Office as a natural part of the program — not a separate workstream — integrated alongside every other framework and regulation that applies to you.

Within your managed office.

NIS2 sits under Compliance and connects directly to Governance and Risk. We build it into your Managed Security & Risk Office as a natural part of the program — not a separate workstream — integrated alongside every other framework and regulation that applies to you.

CTRL Disrupt

Your Managed Security & Risk Office.
Based in the Netherlands.

EXPERTISE

ISO 27001

NIS2

BIO2.0

EU AI Act

AI Security & Compliance

Marshalllaan 2
2625 GZ Delft
The Netherlands

© 2026 CTRL Disrupt Consulting B.V. · KvK 87198983 · All rights reserved.