The NIS 2 Directive and the sectors affected
Those who previously thought they could ‘hide’ from cybersecurity regulations because of their size, sector of activity or perceived low risk must now realise that the circle of affected companies has been significantly extended. The regulations apply to companies with 50 or more employees in 18 market sectors.
Thus, in addition to the expected CRITIS sectors (energy, transport, water, health, waste, digital infrastructure, public administration or space), NIS-2 also affects qualified trust service providers, top-level domain registries and DNS service providers, providers of public electronic communications networks or publicly available electronic communications services and public administrations.
Furthermore, NIS-2 is relevant to postal and courier services, waste management, chemicals (production and trade), food (production, processing, distribution), manufacturers of certain goods (including medical devices, data processing equipment, mechanical engineering, motor vehicles), digital service providers (social networking platforms) and research organisations.