May 25, 2026, by Arthur Mayoux
Is your company concerned by NIS2?
NIS2 came into force in October 2024. Thousands of European companies are now under new cybersecurity obligations, and most of them don't know it yet.
You've probably heard of NIS2 without being sure it applies to you. Here's the honest answer: it probably does. And even if it doesn't directly, your clients might force your hand anyway.
Or you’re a US company and someone just forwarded you an email about NIS2 compliance. Your first instinct is to ignore it. Before you do: check whether you have European customers. If you do, this might be your problem too.
NIS2 is the EU’s updated cybersecurity directive. Its predecessor covered a few hundred critical operators across Europe. NIS2 expands that to tens of thousands of entities, across every EU member state.
Two questions to figure out if you’re in scope
NIS2 applies based on two criteria: your sector and your size.
Your sector. The directive splits companies into two buckets:
Essential entities: energy, transport, banking, healthcare, water, digital infrastructure
Important entities: postal services, waste management, chemicals, food, manufacturing, digital providers
Your size. You’re in scope if:
You have more than 50 employees, OR
Your annual revenue exceeds €10 million
Tick both boxes, sector and size, and you’re almost certainly covered.
You’re a supplier. You think you’re safe. You’re not.
This is where most SMBs get it wrong.
NIS2 doesn’t just target companies directly. It requires every in-scope company to secure its supply chain. Which means your clients, if they’re subject to NIS2, will push the obligation down to you.
Concretely:
Your clients will ask for proof of your security posture
Contracts can be refused or suspended if you don’t meet their requirements
The regulatory pressure flows all the way down the chain, even to the smallest suppliers
If you work with hospitals, banks, energy companies, or public infrastructure, expect the question to land on your desk if it hasn't already.
What NIS2 actually requires you to do
If you’re in scope, the directive imposes concrete obligations:
Report security incidents to the national authority within 24 hours
Put cybersecurity governance at board level: this isn't something you can delegate to a junior IT person
Run regular risk analyses: documented, not theoretical
Secure your access controls: strong authentication, supplier management, network segmentation
Test your business continuity and recovery plans: on paper doesn't count
What happens if you ignore it
Fines for essential entities: up to €10 million or 2% of global revenue, whichever is higher.
For important entities: up to €7 million or 1.4% of global revenue.
But the real kicker: directors can be held personally liable. This isn’t a fine that lands on the company and disappears into overheads. It can land on you, personally.
Where to start
If you haven’t assessed your NIS2 exposure yet, the first step is a gap analysis. Not a full compliance program, just an honest picture of where you stand and what’s missing.
Most companies that do this find the situation is more manageable than they feared. The problems are specific, the fixes are prioritisable, and the path is clearer than the regulation itself suggests.
Quick self-check:
Is my sector on the NIS2 list?
Do I have more than 50 employees or €10M in revenue?
Do any of my clients fall under NIS2?
Do I have a documented incident response process?
Is cybersecurity a board-level topic in my company?
If you answered “no” or “not sure” to any of these, now is the right time to find out.
Written by Arthur Mayoux
Arthur Mayoux is the Chief of Staff at Probo. Working across multiple departments, his primary objective is to help the company scale.