The NIS2 directive was approved by the EU Council in November 2022 and gives member states until October 2024 to transpose NIS2 into national law to ensure its critical infrastructure sectors are in compliance. However, reaching cybersecurity compliance for utilities requires long cybersecurity programs that necessitate an early start.
NIS2 comes at a time of sustained geopolitical tensions that have exposed critical infrastructure to a higher volume of attacks by advanced and state-sponsored attackers. In this sense, NIS2 is both a regulatory upgrade and an opportunity to invest in more resilient cybersecurity from every angle—people, processes, and technology.