{"id":19353,"date":"2025-03-06T14:00:41","date_gmt":"2025-03-06T13:00:41","guid":{"rendered":"https:\/\/edorteam.com\/nis2-regulations-obligations-and-requirements-for-companies\/"},"modified":"2026-05-04T17:34:32","modified_gmt":"2026-05-04T15:34:32","slug":"nis2-regulations-obligations-and-requirements-for-companies","status":"publish","type":"page","link":"https:\/\/nova.edorteam.com\/en\/nis2-regulations-obligations-and-requirements-for-companies\/","title":{"rendered":"NIS2 Regulations: Obligations and requirements for companies"},"content":{"rendered":"<div class=\"et_pb_section_0 et_pb_section et_section_regular et_block_section\"><div class=\"et_pb_row_0 et_pb_row et_pb_equal_columns et_block_row\"><div class=\"et_pb_column_0 et_pb_column et_pb_column_1_2 et_block_column et_pb_css_mix_blend_mode_passthrough\"><div class=\"et_pb_text_0 et_pb_text et_pb_bg_layout_light et_pb_module et_block_module\"><div class=\"et_pb_text_inner\"><h2>NIS2 Regulations: Is your company prepared to comply with the European directive?<\/h2>\n<\/div><\/div><div class=\"et_pb_text_1 et_pb_text et_pb_bg_layout_light et_pb_module et_block_module\"><div class=\"et_pb_text_inner\"><p>The NIS2 Directive requires companies in <strong>essential sectors<\/strong> to adopt advanced protection and risk management measures. In Spain, this means that <strong>thousands of companies must adapt to new requirements<\/strong> for security, risk management, and incident reporting. <\/p>\n<\/div><\/div><div class=\"et_pb_module et_pb_button_module_wrapper et_pb_button_0_wrapper\"><a class=\"et_pb_button_0 et_pb_button et_pb_bg_layout_dark et_pb_module et_block_module\" href=\"#cadena\">NIS2-required companies<\/a><\/div><div class=\"et_pb_module et_pb_button_module_wrapper et_pb_button_1_wrapper\"><a class=\"et_pb_button_1 et_pb_button et_pb_bg_layout_dark et_pb_module et_block_module\" href=\"#asesoria\" data-icon=\"$\">We help you comply with NIS2<\/a><\/div><\/div><div class=\"et_pb_column_1 et_pb_column et_pb_column_1_2 et-last-child et_block_column et_pb_css_mix_blend_mode_passthrough\"><div class=\"et_pb_image_0 et_pb_image et_pb_module et_block_module\"><span class=\"et_pb_image_wrap\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/nova.edorteam.com\/wp-content\/uploads\/directiva-nis2-empresas-guia.png\" width=\"639\" height=\"553\" srcset=\"https:\/\/nova.edorteam.com\/wp-content\/uploads\/directiva-nis2-empresas-guia.png 639w, https:\/\/nova.edorteam.com\/wp-content\/uploads\/directiva-nis2-empresas-guia-480x415.png 480w\" sizes=\"(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) 639px, 100vw\" class=\"wp-image-16887\" title=\"NIS2 Regulations: Obligations and requirements for companies\" alt=\"NIS2 Directive: Is your company prepared to comply with the new regulations?\" \/><\/span><\/div><\/div><\/div><\/div><div class=\"et_pb_section_1 et_pb_section et_section_specialty et_pb_gutters3 et_block_section\"><div class=\"et_pb_row et_block_row\"><div class=\"et_pb_column_2 et_pb_column et_pb_column_single et_pb_column_1_3 et_block_column et_pb_css_mix_blend_mode_passthrough\"><div class=\"et_pb_image_1 et_pb_image et_animated et_pb_module et_block_module\"><span class=\"et_pb_image_wrap\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/nova.edorteam.com\/wp-content\/uploads\/gente-esta-trabajando-proyecto-hombre-mujer-traje-sentado-mesa-hombres-negocios-usan-computadora-portatil_1157-41846.jpg\" width=\"1380\" height=\"920\" srcset=\"https:\/\/nova.edorteam.com\/wp-content\/uploads\/gente-esta-trabajando-proyecto-hombre-mujer-traje-sentado-mesa-hombres-negocios-usan-computadora-portatil_1157-41846.jpg 1380w, https:\/\/nova.edorteam.com\/wp-content\/uploads\/gente-esta-trabajando-proyecto-hombre-mujer-traje-sentado-mesa-hombres-negocios-usan-computadora-portatil_1157-41846-1280x853.jpg 1280w, https:\/\/nova.edorteam.com\/wp-content\/uploads\/gente-esta-trabajando-proyecto-hombre-mujer-traje-sentado-mesa-hombres-negocios-usan-computadora-portatil_1157-41846-980x653.jpg 980w, https:\/\/nova.edorteam.com\/wp-content\/uploads\/gente-esta-trabajando-proyecto-hombre-mujer-traje-sentado-mesa-hombres-negocios-usan-computadora-portatil_1157-41846-480x320.jpg 480w\" sizes=\"(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) and (max-width: 1280px) 1280px, (min-width: 1281px) 1380px, 100vw\" class=\"wp-image-16900\" title=\"people-are-working-project-man-woman-suit-sitting-table-men-business-use-laptop_1157-41846\" alt=\"NIS2 Directive companies\" \/><\/span><\/div><div class=\"et_pb_text_2 et_pb_text et_pb_bg_layout_light et_pb_module et_block_module\"><div class=\"et_pb_text_inner\"><h3>Organizations included in these categories must implement new security measures and prepare for strict cybersecurity audits to comply with the NIS2 Regulations.<\/h3>\n<\/div><\/div><div class=\"et_pb_divider_0 et_pb_divider et_pb_space et_pb_divider_position_top et_pb_module\"><div class=\"et_pb_divider_internal\"><\/div><\/div><\/div><div class=\"et_pb_column_3 et_pb_column et_pb_specialty_column et_pb_column_2_3 et-last-child et_block_column et_pb_css_mix_blend_mode_passthrough\"><div class=\"et_pb_row_inner_0 et_pb_row_inner et_block_row\"><div class=\"et_pb_column_inner_0 et_pb_column_inner et_pb_column et_pb_column_4_4 et-last-child et_block_column et_pb_css_mix_blend_mode_passthrough\"><div class=\"et_pb_text_3 et_pb_text et_pb_bg_layout_light et_pb_module et_block_module\"><div class=\"et_pb_text_inner\"><h2 id=\"obligadas\">Which companies must comply with the NIS2 Regulations?<\/h2>\n<p>NIS2 expands the scope of the previous regulations (NIS1), including more sectors and companies. There are two main categories of affected entities:<\/p>\n<\/div><\/div><\/div><\/div><div class=\"et_pb_row_inner_1 et_pb_row_inner et_block_row\"><div class=\"et_pb_column_inner_1 et_pb_column_inner et_pb_column et_pb_column_1_3 et_block_column et_pb_css_mix_blend_mode_passthrough\"><div class=\"et_pb_text_4 et_pb_text et_pb_bg_layout_light et_pb_module et_block_module\"><div class=\"et_pb_text_inner\"><h3 data-start=\"1042\" data-end=\"1078\">High-criticality sectors<\/h3>\n<p data-start=\"1079\" data-end=\"1223\">Companies with <strong data-start=\"1092\" data-end=\"1116\">more than 250 employees<\/strong> or an annual turnover exceeding <strong data-start=\"1159\" data-end=\"1183\">50 million euros<\/strong> that operate in critical sectors:<\/p>\n<p>\u26a1 Energy<\/p>\n<p>\ud83c\udfe6 Banking and financial infrastructures<\/p>\n<p>\ud83c\udfe5 Healthcare sector<\/p>\n<p>\ud83d\ude86 Transportation<\/p>\n<p>\ud83d\udce1 Digital infrastructure<\/p>\n<p>\ud83d\udca7 Drinking water and sanitation<\/p>\n<p>\ud83c\udfdb Public administration<\/p>\n<p>\ud83d\udedc ICT service providers<\/p>\n<p>\ud83d\ude80 Space<\/p>\n<\/div><\/div><\/div><div class=\"et_pb_column_inner_2 et_pb_column_inner et_pb_column et_pb_column_1_3 et-last-child et_block_column et_pb_css_mix_blend_mode_passthrough\"><div class=\"et_pb_text_5 et_pb_text et_pb_bg_layout_light et_pb_module et_block_module\"><div class=\"et_pb_text_inner\"><h3 data-start=\"1042\" data-end=\"1078\">Other critical sectors (NIS2 expansion)<\/h3>\n<p data-start=\"1497\" data-end=\"1627\">Companies with <strong data-start=\"1510\" data-end=\"1533\">more than 50 employees<\/strong> or revenues exceeding <strong data-start=\"1558\" data-end=\"1582\">10 million euros<\/strong>, operating in strategic sectors such as:<\/p>\n<p>\ud83d\udd2c Research and development<\/p>\n<p>\ud83e\uddea Chemical industry<\/p>\n<p>\ud83c\udf7d Food production and distribution<\/p>\n<p>\ud83d\udce6 Postal and courier services<\/p>\n<p>\ud83d\udcbb Digital service providers<\/p>\n<p>\ud83c\udfed Industrial manufacturing<\/p>\n<p>\u267b\ufe0f Waste management<\/p>\n<\/div><\/div><\/div><\/div><\/div><\/div><\/div><div class=\"et_pb_section_2 et_pb_section et_section_regular et_block_section\"><div class=\"et_pb_row_1 et_pb_row et_pb_row_4col et_pb_equal_columns et_pb_gutters2 et_block_row et_block_row_4col\"><div class=\"et_pb_column_4 et_pb_column et_pb_column_1_4 et_block_column et_pb_css_mix_blend_mode_passthrough\"><div class=\"et_pb_text_6 et_pb_text et_pb_bg_layout_light et_pb_module et_block_module et_pb_text_align_right\"><div class=\"et_pb_text_inner\"><h2 id=\"obligaciones\">Obligations of the NIS2 Regulations for companies<\/h2>\n<\/div><\/div><div class=\"et_pb_text_7 et_pb_text et_pb_bg_layout_light et_pb_module et_block_module et_pb_text_align_right\"><div class=\"et_pb_text_inner\"><p>Failure to comply with the regulations may result in <strong>fines of up to 10 million euros or 2% of global turnover,<\/strong> whichever is greater.<\/p>\n<\/div><\/div><\/div><div class=\"et_pb_column_5 et_pb_column et_pb_column_1_4 et_block_column et_pb_css_mix_blend_mode_passthrough\"><div class=\"et_pb_blurb_0 et_pb_blurb et_pb_bg_layout_light et_pb_text_align_center et_pb_blurb_position_top et_pb_module et_block_module\"><div class=\"et_pb_blurb_content\"><div class=\"et_pb_main_blurb_image\"><span class=\"et_pb_image_wrap\"><span class=\"et-pb-icon et_animated et_animated\">\uf002<\/span><\/span><\/div><div class=\"et_pb_blurb_container\"><h3 class=\"et_pb_module_header\">Cybersecurity risk management in the company<\/h3><div class=\"et_pb_blurb_description\"><p>Identification and mitigation of digital threats.<\/p>\n<\/div><\/div><\/div><\/div><div class=\"et_pb_blurb_1 et_pb_blurb et_pb_bg_layout_light et_pb_text_align_center et_pb_blurb_position_top et_pb_module et_block_module\"><div class=\"et_pb_blurb_content\"><div class=\"et_pb_main_blurb_image\"><span class=\"et_pb_image_wrap\"><span class=\"et-pb-icon et_animated et_animated\">\uf110<\/span><\/span><\/div><div class=\"et_pb_blurb_container\"><h3 class=\"et_pb_module_header\">Continuity and recovery plan<\/h3><div class=\"et_pb_blurb_description\"><p>Implementation of backups and disaster recovery protocols.<\/p>\n<\/div><\/div><\/div><\/div><\/div><div class=\"et_pb_column_6 et_pb_column et_pb_column_1_4 et_block_column et_pb_css_mix_blend_mode_passthrough\"><div class=\"et_pb_blurb_2 et_pb_blurb et_pb_bg_layout_light et_pb_text_align_center et_pb_blurb_position_top et_pb_module et_block_module\"><div class=\"et_pb_blurb_content\"><div class=\"et_pb_main_blurb_image\"><span class=\"et_pb_image_wrap\"><span class=\"et-pb-icon et_animated et_animated\">\uf0c1<\/span><\/span><\/div><div class=\"et_pb_blurb_container\"><h3 class=\"et_pb_module_header\">Supply chain protection<\/h3><div class=\"et_pb_blurb_description\"><p>Risk assessment with suppliers and third parties.<\/p>\n<\/div><\/div><\/div><\/div><div class=\"et_pb_blurb_3 et_pb_blurb et_pb_bg_layout_light et_pb_text_align_center et_pb_blurb_position_top et_pb_module et_block_module\"><div class=\"et_pb_blurb_content\"><div class=\"et_pb_main_blurb_image\"><span class=\"et_pb_image_wrap\"><span class=\"et-pb-icon et_animated et_animated\">\uf577<\/span><\/span><\/div><div class=\"et_pb_blurb_container\"><h3 class=\"et_pb_module_header\">Access monitoring and control<\/h3><div class=\"et_pb_blurb_description\"><p>Security in networks, passwords, and multi-factor authentication.<\/p>\n<\/div><\/div><\/div><\/div><\/div><div class=\"et_pb_column_7 et_pb_column et_pb_column_1_4 et-last-child et_block_column et_pb_css_mix_blend_mode_passthrough\"><div class=\"et_pb_blurb_4 et_pb_blurb et_pb_bg_layout_light et_pb_text_align_center et_pb_blurb_position_top et_pb_module et_block_module\"><div class=\"et_pb_blurb_content\"><div class=\"et_pb_main_blurb_image\"><span class=\"et_pb_image_wrap\"><span class=\"et-pb-icon et_animated et_animated\">\uf0f3<\/span><\/span><\/div><div class=\"et_pb_blurb_container\"><h3 class=\"et_pb_module_header\">Cybersecurity incident notification<\/h3><div class=\"et_pb_blurb_description\"><p>Mandatory communication of cyberattacks within 24 to 72 hours.<\/p>\n<\/div><\/div><\/div><\/div><div class=\"et_pb_blurb_5 et_pb_blurb et_pb_bg_layout_light et_pb_text_align_center et_pb_blurb_position_top et_pb_module et_block_module\"><div class=\"et_pb_blurb_content\"><div class=\"et_pb_main_blurb_image\"><span class=\"et_pb_image_wrap\"><span class=\"et-pb-icon et_animated et_animated\">\uf51c<\/span><\/span><\/div><div class=\"et_pb_blurb_container\"><h3 class=\"et_pb_module_header\">Cybersecurity training<\/h3><div class=\"et_pb_blurb_description\"><p>Training for employees and managers.<\/p>\n<\/div><\/div><\/div><\/div><\/div><\/div><\/div><div class=\"et_pb_section_3 et_pb_section et_section_regular et_block_section\"><div class=\"et_pb_row_2 et_pb_row et_block_row\"><div class=\"et_pb_column_8 et_pb_column et_pb_column_1_2 et_block_column et_pb_css_mix_blend_mode_passthrough\"><div class=\"et_pb_text_8 et_pb_text et_pb_bg_layout_light et_pb_module et_block_module\"><div class=\"et_pb_text_inner\"><h2 id=\"cadena\">Impact of NIS2 on the supply chain<\/h2>\n<p>The NIS2 Directive has a direct or indirect impact on most companies. If your company belongs to one of the critical sectors mentioned above, <strong>even if it has fewer than 50 employees, you will likely need to adapt<\/strong> due to your business relationships with customers or suppliers who are subject to the regulations. <\/p>\n<\/div><\/div><div class=\"et_pb_blurb_6 et_pb_blurb et_pb_bg_layout_light et_pb_blurb_position_left et_pb_module et_block_module\"><div class=\"et_pb_blurb_content\"><div class=\"et_pb_blurb_container\"><h3 class=\"et_pb_module_header\">\u27a1\ufe0f Companies with direct impact<\/h3><div class=\"et_pb_blurb_description\"><p data-start=\"473\" data-end=\"569\">If your company meets any of these conditions, you must comply with the requirements of NIS2:<\/p>\n<p data-start=\"571\" data-end=\"844\">\u2714 <strong data-start=\"573\" data-end=\"596\">More than 50 employees<\/strong> and a turnover exceeding <strong data-start=\"626\" data-end=\"650\">10 million euros<\/strong>.<br data-start=\"651\" data-end=\"654\">\u2714 Belonging to a <strong data-start=\"673\" data-end=\"723\">strategic or critical sector in cybersecurity<\/strong> (energy, transport, healthcare, banking, etc.).<br data-start=\"768\" data-end=\"771\">\u2714 Dependence on <strong data-start=\"788\" data-end=\"841\">digital infrastructures and essential services<\/strong>.<\/p>\n<\/div><\/div><\/div><\/div><div class=\"et_pb_blurb_7 et_pb_blurb et_pb_bg_layout_light et_pb_blurb_position_left et_pb_module et_block_module\"><div class=\"et_pb_blurb_content\"><div class=\"et_pb_blurb_container\"><h3 class=\"et_pb_module_header\">\ud83d\udd17 Companies with indirect impact (supply chain)<\/h3><div class=\"et_pb_blurb_description\"><p data-start=\"917\" data-end=\"1046\">If you work with companies that must comply with NIS2 (suppliers, partners, customers in regulated sectors), it is possible that:<\/p>\n<ul>\n<li data-start=\"1048\" data-end=\"1325\">They will require <strong data-start=\"1060\" data-end=\"1094\">certifications such as ISO 27001<\/strong> to ensure information security.<\/li>\n<li data-start=\"1048\" data-end=\"1325\">You may have to <strong data-start=\"1158\" data-end=\"1225\">demonstrate compliance with good practices in cybersecurity<\/strong>.<\/li>\n<li data-start=\"1048\" data-end=\"1325\">You must adopt <strong data-start=\"1239\" data-end=\"1286\">specific digital security protocols<\/strong> to maintain the business relationship.<\/li>\n<\/ul>\n<\/div><\/div><\/div><\/div><\/div><div class=\"et_pb_column_9 et_pb_column et_pb_column_1_2 et-last-child et_block_column et_pb_css_mix_blend_mode_passthrough\"><div class=\"et_pb_image_2 et_pb_image et_pb_module et_block_module\"><span class=\"et_pb_image_wrap\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/nova.edorteam.com\/wp-content\/uploads\/retrato-empresario-seguro_107420-84866.jpg\" width=\"1380\" height=\"920\" srcset=\"https:\/\/nova.edorteam.com\/wp-content\/uploads\/retrato-empresario-seguro_107420-84866.jpg 1380w, https:\/\/nova.edorteam.com\/wp-content\/uploads\/retrato-empresario-seguro_107420-84866-1280x853.jpg 1280w, https:\/\/nova.edorteam.com\/wp-content\/uploads\/retrato-empresario-seguro_107420-84866-980x653.jpg 980w, https:\/\/nova.edorteam.com\/wp-content\/uploads\/retrato-empresario-seguro_107420-84866-480x320.jpg 480w\" sizes=\"(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) and (max-width: 1280px) 1280px, (min-width: 1281px) 1380px, 100vw\" class=\"wp-image-16906\" alt=\"NIS2 Directive and impact on companies by supply chain\" \/><\/span><\/div><div class=\"et_pb_text_9 et_pb_text et_pb_bg_layout_light et_pb_module et_block_module\"><div class=\"et_pb_text_inner\"><h4>If you still don't know how the NIS2 Regulations affect you, at Edorteam we help you identify your level of compliance and implement the necessary measures.<\/h4>\n<\/div><\/div><div class=\"et_pb_divider_1 et_pb_divider et_pb_space et_pb_divider_position_top et_pb_module\"><div class=\"et_pb_divider_internal\"><\/div><\/div><\/div><\/div><\/div><div class=\"et_pb_section_4 et_pb_section et_section_regular et_block_section section_has_divider et_pb_top_divider\"><div class=\"et_pb_top_inside_divider et-no-transition\"><\/div><div class=\"et_pb_row_3 et_pb_row et_pb_equal_columns et_block_row\"><div class=\"et_pb_column_10 et_pb_column et_pb_column_2_3 et_block_column et_pb_css_mix_blend_mode_passthrough\"><div class=\"et_pb_text_10 et_pb_text et_pb_bg_layout_dark et_pb_module et_block_module\"><div class=\"et_pb_text_inner\"><p id=\"kitconsulting\">We speak your language<\/p>\n<h2>\ud83d\udca1 Comply with the NIS2 Regulations with the help of Edorteam<\/h2>\n<\/div><\/div><div class=\"et_pb_text_11 et_pb_text et_pb_bg_layout_dark et_pb_module et_block_module\"><div class=\"et_pb_text_inner\"><p>At Edorteam, we understand that adapting to <strong>new cybersecurity regulations such as the NIS2 Directive can seem complex,<\/strong> full of technical requirements and complicated concepts. That's why we strive to explain everything to you in a simple and direct way, ensuring that you understand each step we take to protect your company. <\/p>\n<p data-start=\"1572\" data-end=\"1780\">With over 30 years of experience protecting companies, we are <strong>specialists in cybersecurity and regulatory compliance.<\/strong> Our team advises you so that your company complies with regulations without complications.<\/p>\n<\/div><\/div><div class=\"et_pb_blurb_8 et_pb_blurb et_pb_bg_layout_dark et_pb_blurb_position_left et_pb_module et_block_module\"><div class=\"et_pb_blurb_content\"><div class=\"et_pb_main_blurb_image\"><span class=\"et_pb_image_wrap\"><span class=\"et-pb-icon et_animated et_animated\">N<\/span><\/span><\/div><div class=\"et_pb_blurb_container\"><h3 class=\"et_pb_module_header\">NIS2 Regulations and cybersecurity consulting services<\/h3><div class=\"et_pb_blurb_description\"><ul>\n<li>Audit and risk analysis.<\/li>\n<li>Implementation of security measures.<\/li>\n<li>Cybersecurity training for employees.<\/li>\n<li>Cyber incident management and notification.<\/li>\n<li>Preparation for ISO 27001 and ENS certifications.<\/li>\n<\/ul>\n<\/div><\/div><\/div><\/div><div class=\"et_pb_module et_pb_button_module_wrapper et_pb_button_2_wrapper\"><a class=\"et_pb_button_2 et_pb_button et_pb_bg_layout_dark et_pb_module et_block_module\" href=\"#contacto\" data-icon=\"$\">Contact our experts now<\/a><\/div><\/div><div class=\"et_pb_column_11 et_pb_column et_pb_column_1_3 et-last-child et_block_column et_pb_css_mix_blend_mode_passthrough\"><div class=\"et_pb_code_0 et_pb_code et_pb_module\"><div class=\"et_pb_code_inner\"><lite-youtube videoid=\"zqvB5-PhUPA\" style=\"background-image: url('https:\/\/nova.edorteam.com\/wp-content\/uploads\/normativa-nis2-video-empresas-ciberseguridad.jpg'); background-size: cover;aspect-ratio: 9\/16; max-width: 608px;\"><\/lite-youtube><\/div><\/div><\/div><\/div><\/div><div class=\"et_pb_section_5 et_pb_section et_section_regular et_block_section\"><div class=\"et_pb_row_4 et_pb_row et_pb_gutters2 et_block_row et_animated\"><div class=\"et_pb_column_12 et_pb_column et_pb_column_1_3 et_block_column et_pb_css_mix_blend_mode_passthrough\"><div class=\"et_pb_code_1 et_pb_code et_pb_module\"><div class=\"et_pb_code_inner\"><lite-youtube videoid=\"KiidMCKR3oM\" style=\"background-image: url('https:\/\/nova.edorteam.com\/wp-content\/uploads\/kit-consulting-agente-nis2.jpg'); background-size: cover;aspect-ratio: 9\/16; max-width: 864px;\"><\/lite-youtube><\/div><\/div><\/div><div class=\"et_pb_column_13 et_pb_column et_pb_column_2_3 et-last-child et_block_column et_pb_css_mix_blend_mode_passthrough\"><div class=\"et_pb_text_12 et_pb_text et_pb_bg_layout_light et_pb_module et_block_module\"><div class=\"et_pb_text_inner\"><h2 id=\"kitconsulting\">Take advantage of the Consulting Kit to comply with the NIS2 Regulations at no cost to your company<\/h2>\n<\/div><\/div><div class=\"et_pb_text_13 et_pb_text et_pb_bg_layout_light et_pb_module et_block_module\"><div class=\"et_pb_text_inner\"><p>Thanks to the <strong>Consulting Kit<\/strong>, companies with between 10 and 249 employees can receive non-refundable aid to implement cybersecurity solutions, including an <strong>audit of adaptation to the NIS2 Directive.<\/strong> In addition, these aids are 100% compatible with the Digital Kit, you can request the Consulting Kit even if you are a digital agent!<\/p>\n<\/div><\/div><div class=\"et_pb_image_3 et_pb_image et_pb_module et_block_module\"><span class=\"et_pb_image_wrap\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/nova.edorteam.com\/wp-content\/uploads\/logos_proyecto_KIT-CONSULTING_0.png\" width=\"1800\" height=\"262\" srcset=\"https:\/\/nova.edorteam.com\/wp-content\/uploads\/logos_proyecto_KIT-CONSULTING_0.png 1800w, https:\/\/nova.edorteam.com\/wp-content\/uploads\/logos_proyecto_KIT-CONSULTING_0-1280x186.png 1280w, https:\/\/nova.edorteam.com\/wp-content\/uploads\/logos_proyecto_KIT-CONSULTING_0-980x143.png 980w, https:\/\/nova.edorteam.com\/wp-content\/uploads\/logos_proyecto_KIT-CONSULTING_0-480x70.png 480w\" sizes=\"(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) and (max-width: 1280px) 1280px, (min-width: 1281px) 1800px, 100vw\" class=\"wp-image-13842\" title=\"NIS2 Regulations: Obligations and requirements for companies\" \/><\/span><\/div><div class=\"et_pb_text_14 et_pb_text et_pb_bg_layout_light et_pb_module et_block_module\"><div class=\"et_pb_text_inner\"><h3>Why Edorteam?<\/h3>\n<p>At Edorteam, we have a team of cybersecurity experts and extensive experience in implementing audits for companies in all sectors. We ensure that your company is protected against digital threats, complies with current regulations and is prepared for the digital future. <\/p>\n<p>&nbsp;<\/p>\n<h3>Contact our experts and avoid penalties<\/h3>\n<p><a href=\"#contacto\">Contact us now<\/a> or call us at 973 248 601 to receive a cybersecurity audit proposal 100% tailored to the needs of your business.<\/p>\n<p>Discover how to improve your company's cybersecurity!<\/p>\n<\/div><\/div><div class=\"et_pb_module et_pb_button_module_wrapper et_pb_button_3_wrapper\"><a class=\"et_pb_button_3 et_pb_button et_pb_bg_layout_dark et_pb_module et_block_module\" href=\"#contacto\" data-icon=\"$\">We call you<\/a><\/div><\/div><\/div><\/div><div class=\"et_pb_section_6 et_pb_section et_section_regular et_block_section\"><div class=\"et_pb_row_5 et_pb_row et_block_row et_animated\"><div class=\"et_pb_column_14 et_pb_column et_pb_column_4_4 et-last-child et_block_column et_pb_css_mix_blend_mode_passthrough\"><div class=\"et_pb_text_15 et_pb_text et_pb_bg_layout_light et_pb_module et_block_module et_pb_text_align_center\"><div class=\"et_pb_text_inner\"><h2 id=\"faqs\">Frequently asked questions about the NIS2 Directive<\/h2>\n<\/div><\/div><div class=\"et_pb_toggle_0 et_pb_toggle et_pb_toggle_item et_pb_toggle_close et_pb_module et_block_module preset--module--divi-toggle--default\"><h3 class=\"et_pb_toggle_title\">What is the difference between NIS2 and the original NIS?<\/h3><div class=\"et_pb_toggle_content clearfix\"><p>NIS2 is an update to the European Union's first cybersecurity regulation, the NIS Directive, in force in Spain since 2021, through Royal Decree 43\/2021, which regulates the security of networks and information systems in companies in essential sectors.<\/p>\n<p>These regulations were created to improve security in essential sectors and protect European society and the economy from increasingly complex and frequent digital threats.<\/p>\n<p>The NIS2 Directive introduces stricter cybersecurity requirements, including more sectors and actors, establishes shorter deadlines for incident notification, and strengthens sanctions for companies that do not comply with the regulations.<\/p>\n<\/div><\/div><div class=\"et_pb_toggle_1 et_pb_toggle et_pb_toggle_item et_pb_toggle_close et_pb_module et_block_module preset--module--divi-toggle--default\"><h3 class=\"et_pb_toggle_title\">Who must comply with NIS2?<\/h3><div class=\"et_pb_toggle_content clearfix\"><p>NIS2 applies to companies and entities in essential sectors such as energy, transport, financial services, health, and water supply, among others. It also affects digital service providers such as cloud services and data exchange platforms.  <a href=\"#obligadas\">You can consult the detailed list here.<\/a><\/p>\n<\/div><\/div><div class=\"et_pb_toggle_2 et_pb_toggle et_pb_toggle_item et_pb_toggle_close et_pb_module et_block_module preset--module--divi-toggle--default\"><h3 class=\"et_pb_toggle_title\">What are the main requirements imposed by the NIS2 Directive on companies?<\/h3><div class=\"et_pb_toggle_content clearfix\"><p>The main requirements include the implementation of appropriate cybersecurity measures, the notification of security incidents within 24 hours, the designation of those responsible for the security of the network and information systems, and the performance of regular security audits. <a href=\"#obligaciones\">You can consult a list of the main obligations of NIS2 here.<\/a><\/p>\n<\/div><\/div><div class=\"et_pb_toggle_3 et_pb_toggle et_pb_toggle_item et_pb_toggle_close et_pb_module et_block_module preset--module--divi-toggle--default\"><h3 class=\"et_pb_toggle_title\">How does NIS2 affect small and medium-sized enterprises?<\/h3><div class=\"et_pb_toggle_content clearfix\"><p>The NIS2 Directive considers systemic risk, which means that small companies, with fewer than 50 employees, if they play a critical role in the supply chain, must also adapt to NIS2.<\/p>\n<p>With NIS2, you have the responsibility to assess and manage risks not only in your own company, but also in your supply chain. That is, even if your operations are under control, a failure in one of your suppliers may put the supply chain at risk, like a domino effect. <\/p>\n<p>Therefore, if your company belongs to one of these sectors considered essential, it is recommended that you get up to date with NIS2, regardless of your number of employees, as you run the risk that one of your clients will ask you to prove that you meet their minimum security requirements to continue working with you.<\/p>\n<\/div><\/div><div class=\"et_pb_toggle_4 et_pb_toggle et_pb_toggle_item et_pb_toggle_close et_pb_module et_block_module preset--module--divi-toggle--default\"><h3 class=\"et_pb_toggle_title\">What happens if a company does not comply with the NIS2 Directive?<\/h3><div class=\"et_pb_toggle_content clearfix\"><p>Companies that do not comply with the requirements established by NIS2 may face significant financial penalties and, in serious cases, the interruption of their commercial activities. Fines can reach up to 2% of their global annual turnover. <\/p>\n<\/div><\/div><div class=\"et_pb_toggle_5 et_pb_toggle et_pb_toggle_item et_pb_toggle_close et_pb_module et_block_module preset--module--divi-toggle--default\"><h3 class=\"et_pb_toggle_title\">What types of incidents must be reported under NIS2?<\/h3><div class=\"et_pb_toggle_content clearfix\"><p> Under NIS2, security incidents that affect the availability, integrity, or confidentiality of essential services must be reported to the competent authorities. This includes cyberattacks, security breaches, and any other incident that may affect the provision of essential or trusted services. <\/p>\n<\/div><\/div><div class=\"et_pb_toggle_6 et_pb_toggle et_pb_toggle_item et_pb_toggle_close et_pb_module et_block_module preset--module--divi-toggle--default\"><h3 class=\"et_pb_toggle_title\">Does NIS2 establish any training obligation for company personnel?<\/h3><div class=\"et_pb_toggle_content clearfix\"><p> Yes, NIS2 requires companies to provide ongoing cybersecurity training to their staff. This includes both employees and managers, in order to ensure that everyone understands the security policies and procedures. <\/p>\n<\/div><\/div><div class=\"et_pb_toggle_7 et_pb_toggle et_pb_toggle_item et_pb_toggle_close et_pb_module et_block_module preset--module--divi-toggle--default\"><h3 class=\"et_pb_toggle_title\">What role do service providers play in NIS2?<\/h3><div class=\"et_pb_toggle_content clearfix\"><p>Service providers that are subcontracted by companies in essential sectors must also comply with the requirements of NIS2. Companies must ensure that their service providers comply with cybersecurity regulations to protect the supply chain.  <a href=\"#cadena\">You can read more information about it here.<\/a><\/p>\n<\/div><\/div><div class=\"et_pb_toggle_8 et_pb_toggle et_pb_toggle_item et_pb_toggle_close et_pb_module et_block_module preset--module--divi-toggle--default\"><h3 class=\"et_pb_toggle_title\">What security measures must companies implement under NIS2?<\/h3><div class=\"et_pb_toggle_content clearfix\"><p>Companies must implement risk-based cybersecurity measures, including access controls, intrusion detection and prevention systems, cryptography, vulnerability management, audits, and incident response plans, among others.<\/p>\n<\/div><\/div><div class=\"et_pb_toggle_9 et_pb_toggle et_pb_toggle_item et_pb_toggle_close et_pb_module et_block_module preset--module--divi-toggle--default\"><h3 class=\"et_pb_toggle_title\">What bodies supervise compliance with NIS2?<\/h3><div class=\"et_pb_toggle_content clearfix\"><p>Compliance with NIS2 is supervised by the national cybersecurity authorities of each country. In Spain, the <a href=\"https:\/\/www.interior.gob.es\/opencms\/ca\/detalle\/articulo\/El-Consejo-de-Ministros-aprueba-el-anteproyecto-de-Ley-de-Coordinacion-y-Gobernanza-de-la-Ciberseguridad\/\" target=\"_blank\" rel=\"noopener\">draft Law on Coordination and Governance of Cybersecurity<\/a> has been approved and the foundations have been laid for the National Cybersecurity Center, which is key to managing crises and coordinating national strategies. <\/p>\n<p>This draft law also aims to strengthen collaboration between Interior, Defense and Digital Transformation to ensure a comprehensive response to cyber threats.<\/p>\n<\/div><\/div><\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-19353","page","type-page","status-publish","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>NIS2 Regulations: Obligations and requirements for companies - Edorteam<\/title>\n<meta name=\"description\" content=\"Discover how the NIS2 Regulations affect your company and the measures needed to comply with this European cybersecurity directive.\" \/>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"NIS2 Regulations: Obligations and requirements for companies - Edorteam\" \/>\n<meta property=\"og:description\" content=\"Discover how the NIS2 Regulations affect your company and the measures needed to comply with this European cybersecurity directive.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nova.edorteam.com\/en\/nis2-regulations-obligations-and-requirements-for-companies\/\" \/>\n<meta property=\"og:site_name\" content=\"Edorteam\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/edorteam\/\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-04T15:34:32+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/nova.edorteam.com\/wp-content\/uploads\/cumplimiento-legal-empresas-abogado.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"598\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@edorteam\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nova.edorteam.com\\\/en\\\/nis2-regulations-obligations-and-requirements-for-companies\\\/\",\"url\":\"https:\\\/\\\/nova.edorteam.com\\\/en\\\/nis2-regulations-obligations-and-requirements-for-companies\\\/\",\"name\":\"NIS2 Regulations: Obligations and requirements for companies - Edorteam\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nova.edorteam.com\\\/en\\\/#website\"},\"datePublished\":\"2025-03-06T13:00:41+00:00\",\"dateModified\":\"2026-05-04T15:34:32+00:00\",\"description\":\"Discover how the NIS2 Regulations affect your company and the measures needed to comply with this European cybersecurity directive.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nova.edorteam.com\\\/en\\\/nis2-regulations-obligations-and-requirements-for-companies\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nova.edorteam.com\\\/en\\\/nis2-regulations-obligations-and-requirements-for-companies\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nova.edorteam.com\\\/en\\\/nis2-regulations-obligations-and-requirements-for-companies\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Portada\",\"item\":\"https:\\\/\\\/nova.edorteam.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"NIS2 Regulations: Obligations and requirements for companies\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nova.edorteam.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/nova.edorteam.com\\\/en\\\/\",\"name\":\"Consultor\u00eda Compliance y protecci\u00f3n de datos\",\"description\":\"Empresa de Ciberseguridad y Protecci\u00f3n de Datos\",\"publisher\":{\"@id\":\"https:\\\/\\\/nova.edorteam.com\\\/en\\\/#organization\"},\"alternateName\":\"Edorteam\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nova.edorteam.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/nova.edorteam.com\\\/en\\\/#organization\",\"name\":\"Edorteam | Cibersecurity services and data protection company\",\"alternateName\":\"Edorteam\",\"url\":\"https:\\\/\\\/nova.edorteam.com\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/nova.edorteam.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/nova.edorteam.com\\\/wp-content\\\/uploads\\\/cropped-favicon.png\",\"contentUrl\":\"https:\\\/\\\/nova.edorteam.com\\\/wp-content\\\/uploads\\\/cropped-favicon.png\",\"width\":512,\"height\":512,\"caption\":\"Edorteam | Cibersecurity services and data protection company\"},\"image\":{\"@id\":\"https:\\\/\\\/nova.edorteam.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/edorteam\\\/\",\"https:\\\/\\\/x.com\\\/edorteam\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/edorteam\\\/\",\"https:\\\/\\\/www.instagram.com\\\/edorteam\\\/\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"NIS2 Regulations: Obligations and requirements for companies - Edorteam","description":"Discover how the NIS2 Regulations affect your company and the measures needed to comply with this European cybersecurity directive.","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"NIS2 Regulations: Obligations and requirements for companies - Edorteam","og_description":"Discover how the NIS2 Regulations affect your company and the measures needed to comply with this European cybersecurity directive.","og_url":"https:\/\/nova.edorteam.com\/en\/nis2-regulations-obligations-and-requirements-for-companies\/","og_site_name":"Edorteam","article_publisher":"https:\/\/www.facebook.com\/edorteam\/","article_modified_time":"2026-05-04T15:34:32+00:00","og_image":[{"width":1000,"height":598,"url":"https:\/\/nova.edorteam.com\/wp-content\/uploads\/cumplimiento-legal-empresas-abogado.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_site":"@edorteam","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/nova.edorteam.com\/en\/nis2-regulations-obligations-and-requirements-for-companies\/","url":"https:\/\/nova.edorteam.com\/en\/nis2-regulations-obligations-and-requirements-for-companies\/","name":"NIS2 Regulations: Obligations and requirements for companies - Edorteam","isPartOf":{"@id":"https:\/\/nova.edorteam.com\/en\/#website"},"datePublished":"2025-03-06T13:00:41+00:00","dateModified":"2026-05-04T15:34:32+00:00","description":"Discover how the NIS2 Regulations affect your company and the measures needed to comply with this European cybersecurity directive.","breadcrumb":{"@id":"https:\/\/nova.edorteam.com\/en\/nis2-regulations-obligations-and-requirements-for-companies\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nova.edorteam.com\/en\/nis2-regulations-obligations-and-requirements-for-companies\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/nova.edorteam.com\/en\/nis2-regulations-obligations-and-requirements-for-companies\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Portada","item":"https:\/\/nova.edorteam.com\/en\/"},{"@type":"ListItem","position":2,"name":"NIS2 Regulations: Obligations and requirements for companies"}]},{"@type":"WebSite","@id":"https:\/\/nova.edorteam.com\/en\/#website","url":"https:\/\/nova.edorteam.com\/en\/","name":"Consultor\u00eda Compliance y protecci\u00f3n de datos","description":"Empresa de Ciberseguridad y Protecci\u00f3n de Datos","publisher":{"@id":"https:\/\/nova.edorteam.com\/en\/#organization"},"alternateName":"Edorteam","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nova.edorteam.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/nova.edorteam.com\/en\/#organization","name":"Edorteam | Cibersecurity services and data protection company","alternateName":"Edorteam","url":"https:\/\/nova.edorteam.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/nova.edorteam.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/nova.edorteam.com\/wp-content\/uploads\/cropped-favicon.png","contentUrl":"https:\/\/nova.edorteam.com\/wp-content\/uploads\/cropped-favicon.png","width":512,"height":512,"caption":"Edorteam | Cibersecurity services and data protection company"},"image":{"@id":"https:\/\/nova.edorteam.com\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/edorteam\/","https:\/\/x.com\/edorteam","https:\/\/www.linkedin.com\/company\/edorteam\/","https:\/\/www.instagram.com\/edorteam\/"]}]}},"_links":{"self":[{"href":"https:\/\/nova.edorteam.com\/en\/wp-json\/wp\/v2\/pages\/19353","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nova.edorteam.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/nova.edorteam.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/nova.edorteam.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nova.edorteam.com\/en\/wp-json\/wp\/v2\/comments?post=19353"}],"version-history":[{"count":3,"href":"https:\/\/nova.edorteam.com\/en\/wp-json\/wp\/v2\/pages\/19353\/revisions"}],"predecessor-version":[{"id":20490,"href":"https:\/\/nova.edorteam.com\/en\/wp-json\/wp\/v2\/pages\/19353\/revisions\/20490"}],"wp:attachment":[{"href":"https:\/\/nova.edorteam.com\/en\/wp-json\/wp\/v2\/media?parent=19353"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}