NIS 2 – stricter cybersecurity requirements. Are you ready?

The EU has launched its most comprehensive cybersecurity directive ever: NIS 2. The directive sets far stricter requirements than its predecessor and applies to businesses across critical sectors such as energy, health, transport, the public sector, and digital infrastructure. Subcontractors and third parties are also covered.

In Norway, the Digital Security Act will come into force on October 1, 2025, but we already know that the government will introduce new legislation that is fully harmonized with NIS 2. This means that Norwegian businesses must also prepare themselves – especially those with customers or partners in the EU.

Why NIS 2 is more than just an IT requirement

NIS 2 goes far beyond pure IT requirements. The directive makes the board and management legally responsible for cybersecurity, requires rapid reporting of incidents, and tightens responsibility for the entire supply chain. At the same time, fines of up to €10 million or 2% of global turnover are introduced for companies that do not meet the requirements. This makes NIS 2 a management responsibility – not just an IT issue. 
 

  • Management responsibility: The board and management are held legally responsible for cybersecurity.
  • Reporting obligation: All significant incidents must be reported quickly and documented.
  • Supplier control: Companies are responsible for security throughout the value chain.
  • High fines: Violations can result in fines of up to €10 million or 2% of global turnover.

The complexity of compliance

The road to compliance is demanding. It involves more than just technology: businesses must establish management structures, implement processes, secure documentation, and build in continuous monitoring.
Many businesses underestimate how resource-intensive this is – and how quickly the deadlines are approaching.

Orange Business ledende i bransjen

Our solution: Enhanced Security for NIS 2 Compliance

To help businesses meet these requirements, we are developing the Enhanced Security for NIS 2 Compliance service.

It provides you with a fast, secure, and cost-effective path to compliance:

  • Cost savings: Share the burden through our joint compliance model. You avoid expensive individual audits and internal compliance programs.
  • Audit-ready documentation: Ready-made reports, templates, and risk registers that can be used directly in audits and inspections.
  • Standardized quality: Certified frameworks and processes ensure predictable deliveries.
  • Reduced risk: We help you avoid fines and legal liability.
  • Continuous monitoring: SOC and MDR/EDR services for ongoing security and incident management.
NIS 2
NIS 2

Why act now?

Let's make NIS 2 compliance easy. Talk to our experts and get a clear plan.

The deadline for compliance is fast approaching, and supervisory authorities will require documentation from day one. By starting the work now, you can avoid rushed solutions and be well prepared for both audits and regulatory requirements.

FAQ

  • Essential and important businesses across sectors such as energy, telecommunications, finance, and healthcare.

  • Yes, it is modular and can be adapted to your current level of maturity and toolset.

  • Fines can be up to €10 million or 2% of global turnover.

  • Depending on their current status, many customers achieve readiness within 6–12 weeks.

  • ISO 27001, ISO 22301, SOC 2 Type II, and local EU certifications where applicable

  • Yes, we include detection, analysis, and assistance with reporting in line with NIS 2 Article 23.

Follow us