Unlock unlimited alerts, exports & API access — RuleWatch Pro at $29/mo

Regulation dossier

European Union

NIS2 Directive

CybersecurityIn Effect

A focused view of the rule, its enforcement posture, and the timeline teams should keep in their operating plan.

Plain-English summary

What this regulation means

Built for operators

NIS2 expands the EU cybersecurity framework to more sectors and entities and requires management-approved cybersecurity risk management measures and incident reporting. It affects essential and important entities across energy, transport, health, digital infrastructure, public administration, manufacturing, and other critical sectors. The directive also increases supervisory and penalty powers and coordinates cross-border cooperation.

Reading guide

Use the timeline below to see how the rule progressed from enactment to current obligations.

Related regulations surface adjacent requirements in the same jurisdiction or policy lane.

Timeline

Regulatory lifecycle

Sequence: Entered Into Force -> Transposition Deadline
  1. 1

    Jan 16, 2023

    Entered Into Force

    NIS2 entered into force at the EU level twenty days after publication in the Official Journal.

  2. 2

    Oct 17, 2024

    Transposition Deadline

    Member States reached the deadline to transpose NIS2 into national law.

Pro feature

📊 Stay ahead of this regulation

Get email alerts when this regulation changes and export records to CSV for your compliance workflow — available with RuleWatch Pro.

  • →Email alerts when this regulation is updated or enforced
  • →Export to CSV or JSON for compliance reporting
  • →API access to integrate regulation tracking into your workflows
See what's included

Subscribe for regulation alerts

Get alerts for this regulation →

Free weekly digest for compliance professionals following material legal changes.

No spam. Professional updates only.

Free to join. Unsubscribe anytime.

Related regulations

What else belongs on the watchlist

Pulled from the same jurisdiction or category so teams can compare adjacent obligations quickly.

European Union

EU AI Act

AI RegulationIn Effect

The EU AI Act creates a single risk-based rulebook for AI across the bloc, ranging from outright bans on a narrow set of uses to detailed duties for high-risk systems and general-purpose AI models. It affects providers, deployers, importers, distributors, and product manufacturers that place AI systems on the EU market or use them in the EU. Core requirements include risk management, technical documentation, transparency, human oversight, post-market monitoring, and incident reporting.

Effective
Aug 1, 2024
View detail

European Union

General Data Protection Regulation

PrivacyIn Effect

The GDPR sets the EU baseline for personal-data processing, requiring lawful bases, transparency, security safeguards, and rights for access, deletion, and objection.

Effective
May 25, 2018
View detail

Texas, United States

Texas Cybersecurity Program

CybersecurityIn Effect

Texas gives certain businesses a safe harbor from exemplary damages after a breach if they implemented and maintained a qualifying cybersecurity program. It affects Texas businesses that handle sensitive personal information and pushes them toward recognized cybersecurity frameworks and scaled security controls.

Effective
Sep 1, 2025
View detail