CECIMO Informative note on reporting obligations under NIS2 directive

Following the publication of CECIMO’s document on reporting obligations under the Cyber Resilience Act (CRA) in January 2025, we have developed a complementary document. The new Informative Note: Reporting Obligations under the NIS2 Directive outlines the key elements of the EU’s cybersecurity framework for network and information systems, focusing on essential entities.

This document provides companies with a clear and practical overview of the requirements and obligations needed to comply with the directive, covering whether they fall within its scope, how entities are classified, the penalties for non-compliance, and the current state of transposition across the EU.

This informative note serves as a hands-on tool to help manufacturers anticipate and prepare for the directive's impact. It includes:

• A timeline for compliance
• Classification of entities
• Cybersecurity requirements
• Consequences of non-compliance
• Interaction with  other  digital  regulations
• Overview of EU countries that have transposed the directive
• Practical steps to prepare for NIS2

🔵 THIS DOCUMENT IS AVAILABLE UPON REQUEST 🔵

For more information please contact Olha Hunchak