The EU’s Network and Information Security (NIS2) directive is almost here. Affected entities should be preparing for NIS2 compliance before October 17, 2024, the date EU nations must enact NIS2 implementing laws. Some critical infrastructure operators affected by the 2016 NIS1 directive have mature NIS2 programs. But NIS2 affects tens of thousands more small and medium organizations that must gain management support for a NIS2 program, engage IT and operational technology (OT) security professionals and draft implementation plans. These steps will minimize compliance risks.