
NIS2 Pillar

NIS2 affected sectors: does it apply to you?

Map your organization to Annex I/II sectors, validate your operational obligations, and trigger a 60-second diagnostic.

Essential entities (Annex I)

  • Energy
  • Transport
  • Banking
  • Financial market infrastructure
  • Health
  • Drinking water
  • Waste water
  • Digital infrastructure
  • ICT service management
  • Public administration
  • Space

Important entities (Annex II)

  • Postal and courier services
  • Waste management
  • Chemical industry
  • Food production, processing and distribution
  • Manufacturing
  • Digital providers
  • Research

What NIS2 requires in practice

  • Continuous detection and triage workflows.
  • Incident response playbooks and evidence retention.
  • Regulated reporting cadence (24h / 72h / 30 days).
  • Leadership accountability with measurable controls.

What the operational pack includes

  • NIS2 scorecard (60 seconds).
  • 30/90-day activation checklist.
  • Tabletop exercise template for executives and IT.
  • Budget one-pager to justify operational priorities.

FAQ

Who is covered by NIS2?

Entities in Annex I (essential) and Annex II (important) sectors, based on sector and size thresholds defined by each member state.

What is the difference between essential and important entities?

Both must implement security measures and report incidents, but supervision and enforcement intensity can differ.

What incident deadlines should I plan for?

Initial notification around 24h, incident update around 72h, and final report around 30 days, depending on local transposition.

Is outsourced security enough?

Outsourcing helps, but accountability remains with your organization. You still need governance, evidence, and reporting capacity.

Does NIS2 require continuous monitoring?

NIS2 requires effective risk management and incident handling. In practice, many organizations implement continuous detection coverage.

What evidence should be retained?

Detection timeline, triage decisions, containment actions, communications, root cause, and remediation records.

How long does a 30/90 day activation plan take?

The first 30 days set governance and baseline controls; by day 90, organizations should have detection, reporting, and drills running.

How can SOCDefense help?

SOCDefense aligns operational detection, response workflows, and evidence management so NIS2 requirements become executable controls.

Run your quick NIS2 diagnostic

Get a practical baseline and identify your next operational priority in less than 60 seconds.
