
Your support for your NIS 2 journey
We help you comply with the new European CyberSecurity legislation
What is the NIS 2 Directive?
The NIS 2 Directive, also known as the Network and Information Security Directive, is a significant piece of legislation aimed at improving cyber security and protecting critical infrastructure across the European Union (EU). It builds upon the previous NIS Directive, addressing its shortcomings and expanding its scope to enhance security requirements, reporting obligations, and crisis management capabilities. Compliance with the NIS 2 Directive is crucial for businesses operating in the EU to safeguard their systems, mitigate cyber threats, and ensure resilience.
On 16 January 2023, the European Commission published the final text of the NIS 2 Directive on a high common level of cybersecurity across the Union, which means that by 17 October 2024 Luxembourg and the other member states must adopt and publish national legislation incorporating the provisions of NIS 2.
Proximus NXT helps you to comply with the new European CyberSecurity legislation.
Proximus NXT is one of the leaders in converged ICT and Telecom services in Luxembourg and provides global solutions to all businesses and public administrations. Its areas of expertise include Telecommunication services, ICT infrastructure, Multi-Cloud, Digital Trust Solutions, Cybersecurity, Business Applications, and Managed Services.

Which business sectors are affected by the NIS2 Directive?
Initially, the NIS 1 Directive governed 19 sectors. With this new version, it now covers 35 sectors. The 19 sectors covered by NIS 1 include: energy, transportation, banking, financial market infrastructures, health, drinking water, waste water, digital infrastructure, digital service management, public administrations, and the space sector.
In addition, NIS 2 expands its scope to the following sectors: postal and shipping services, waste management, chemicals, food, manufacturing, digital service providers and research. The financial sector will also fall under the Digital Operational Resilience Act (DORA).
The final factors that determine whether or not your entity falls under this Directive are the number of employees and the annual turnover.
All the criteria defined above determine the type of entity you are: Essential or Important.

What are the risks of not being compliant for entities?
With the NIS 2 Directive, the sanction regime is strengthened. An organization that fails, for example, to implement appropriate risk management measures or to promptly notify a security incident risks a fine proportionate to its turnover and level of criticality. Companies may thus be subject to fines of 7 Mo€ or 1.4% of their worldwide turnover for Important Entities and 10 Mo€ or 2% of their worldwide turnover for Important Entities (whichever one is larger).
In addition, European Union member states have the authority to require entities to undergo audits or inspections. If necessary, they can issue warnings and instructions.
Assessment
The first step of the NIS 2 journey is to get a view of your current situation and the goal to reach. Drawing on the expertise and experience of our Cybersecurity and GRC consultancy, Proximus NXT will manage the assessment, taking into account your context and your business, in order to give you a view of the effort required to become NIS 2 compliant.
Discover and manage your risks
One of the most important criteria of the law is to know and handle your information system risks. The risk analysis and its follow-up will give you essential visibility of your threats and how to handle them. Proximus NXT performs this kind of analysis and follow-up in accordance with ISO 27005.
Improve your Cybersecurity posture
In line with Article 21 of NIS 2, Proximus NXT is able to provide you with advice, solutions and services that are always linked to your current IT situation and business context. From the implementation of an Information Security Management System to the installation of a Multi-Factor Authentication solution, Proximus NXT is able to support you on all security and Cybersecurity improvements.
More than Cybersecurity projects
NIS 2 obligations and requirements impact several parts of your information system. Depending on your IT model (public / private hosting on premises), Proximus NXT, as an ICT and telecom provider, is able to cover topics other than Cybersecurity. Business Continuity, Communication services, Telecom and Infrastructure are some examples of NIS 2 impacts to handle.

-
Under the NIS 2 Directive, organizations are required to report any significant cybersecurity incident that impacts the availability, confidentiality, integrity or authenticity of network and information systems. This includes events such as data breaches, ransomware attacks, service outages, unauthorized access, or any incident that could have a substantial effect on critical or essential services.
Reporting must follow specific timelines and formats, and may involve both early warning notifications and detailed incident reports to national competent authorities.
-
EU Member States must transpose the NIS 2 Directive into national law by October 17, 2024. Affected organizations will then be expected to comply with the new requirements shortly thereafter.
To prepare, companies should begin by: identifying whether they qualify as essential or important entities under NIS 2; conducting a risk and gap assessment of their current cybersecurity posture; reviewing and updating incident response plans, security policies, and governance processes; and ensuring they have the capability to monitor, detect and report incidents as required.
-
NIS 2 introduces stronger enforcement mechanisms and financial penalties for non-compliance. Companies that fail to implement appropriate cybersecurity measures, report incidents, or meet regulatory obligations may face: administrative fines of up to €10 million or 2% of global annual turnover, whichever is higher; binding corrective measures, such as mandatory remediation or audits; and, in some cases, temporary bans for responsible executives from performing managerial functions.
The directive empowers national authorities to enforce compliance with greater authority than under NIS 1.
-
A maturity assessment begins with mapping your current cybersecurity controls against the key domains of NIS 2, such as: risk management, incident response, supply chain security, business continuity, technical and organizational measures.
Using recognized frameworks (e.g., ISO/IEC 27001, NIST CSF), you can identify gaps, prioritize actions, and define a roadmap toward full compliance. Working with external experts can provide objective evaluation, tailored recommendations, and help align your maturity with regulatory expectations.
-
Starting your NIS 2 compliance journey involves a clear, structured approach. The first key steps typically include:
Scoping: Understand whether your organization is in scope, and under which category (essential or important entity).
Gap analysis: Assess existing cybersecurity capabilities and identify where they fall short of NIS 2 standards.
Governance setup: Define roles, responsibilities, and accountability within your organization for NIS 2 compliance.
Action plan: Create a prioritized roadmap, covering technical, procedural, and training needs.
Early preparation will reduce compliance risks and ensure smoother alignment with upcoming national requirements.
-
Navigating NIS 2 requires more than just meeting technical checklists — it demands strategic alignment, regulatory awareness, and operational execution.
A trusted partner can help you: interpret complex legal and technical requirements; structure your compliance program from assessment to implementation; strengthen your organization’s resilience, governance and incident readiness; and ensure full alignment with national transposition of the directive.
Partnering with cybersecurity experts also accelerates the process and limits exposure to unnecessary risks or delays.