
Get compliant with NIS2 in 3 easy steps

Visual representation of NIS2 cybersecurity requirements.

Understanding and preparing for the EU’s new cybersecurity directive

What is NIS2?

The NIS2 Directive (Directive (EU) 2022/2555) is the European Union's updated cybersecurity law, replacing the original 2016 NIS Directive. It aims to make essential and important services — such as healthcare, energy, and digital infrastructure — safer and more resilient against cyber threats.

It applies to medium and large organisations in the sectors it lists, and to some smaller organisations regardless of their size, such as DNS service providers, top-level domain registries, trust service providers, and any company that is the sole provider of a service essential to society in a member state.

Member states had until 17 October 2024 to transpose the directive into national law, and those national rules are now in force or being rolled out across Europe, so if your organisation provides essential or important services, it’s time to get ready. Here’s how to start in three simple steps.

Step 1. Check if your organisation is covered

Start by finding out whether NIS2 applies to you.

You’ll need to check:

  • Your sector – for example, energy, healthcare, water, food production, transport, digital infrastructure, or IT services (the full list is in Annexes I and II of the directive).
  • Your size – generally 50 or more employees, or an annual turnover or balance sheet total above €10 million. Check your national transposition law as well, since some member states add criteria or name entities directly.

If your organisation provides services that are critical to society, you’re likely covered. If you supply such an organisation, you may not be covered directly, but expect its NIS2 security requirements to be passed on to you through contracts and supplier assessments.

Step 2. Review your current cybersecurity practices

Next, take a look at how you currently manage cybersecurity risks.

Ask yourself:

  • Do we have clear policies and processes in place, and are they actually followed?
  • How do we detect, handle, and report incidents, and who decides when an incident is significant enough to notify the authorities?
  • Are suppliers and service providers held to the same security standards, and is that written into contracts?
  • Does management have visibility of, and take responsibility for, cybersecurity? NIS2 requires management bodies to approve risk-management measures, oversee their implementation, and attend training, and they can be held liable for failures.

This step doesn’t have to be complicated. Start by mapping what’s already in place, and where the biggest gaps are — like missing procedures, unclear roles, or limited staff awareness.

Step 3. Create your action plan

Once you know your gaps, it’s time to build a simple plan. Your plan should outline what needs to be done, who is responsible, and when.

Focus on the key NIS2 requirements (Article 21 of the directive), such as:

  • Risk management – risk analysis and information system security policies
  • Incident reporting and response – NIS2 sets an early warning within 24 hours of becoming aware of a significant incident, a fuller notification within 72 hours, and a final report within one month
  • Business continuity – backups, disaster recovery, and crisis management
  • Supply chain security – including the security of your direct suppliers and service providers
  • Secure development and vulnerability handling – security in acquiring, developing, and maintaining systems, including disclosure and patching
  • Access control, asset management, cryptography, and multi-factor authentication where appropriate
  • Training and awareness – basic cyber hygiene practices for staff and training for management

You don’t need to have everything perfect right away — the goal is to make steady progress.
Document what you’re doing and keep improving over time.

Getting started made simple

Complying with new regulations can feel overwhelming, but it doesn’t have to be.
By following these three steps, you’re already moving towards stronger cybersecurity and compliance.

To make the process even easier, you can manage it all with the Trustlinks Compliance Platform. You will receive clear, step-by-step guidance on how to meet NIS2 and other frameworks like DORA or ISO 27001, all in one place.

With Trustlinks, you can:

  • Follow a structured path to compliance, with practical actions for each requirement
  • Document everything easily and store evidence in one secure location
  • Stay organised with built-in deadlines, reminders, and progress tracking
  • Align with multiple frameworks without duplicating work

Our platform takes the guesswork out of compliance, helping you stay confident, organised, and in control, every step of the way.

Ready to simplify your NIS2 journey? Trustlinks helps you achieve compliance with a range of regulations.
Explore the Trustlinks compliance platform here!
