CECIMO Informative note on reporting obligations under NIS2 directive

Following the publication of CECIMO’s document on reporting obligations under the Cyber Resilience Act (CRA) in January 2025, we have developed a complementary document. The new Informative Note: Reporting Obligations under the NIS2 Directive outlines the key elements of the EU’s cybersecurity framework for network and information systems, focusing on essential and important entities.

This document provides companies with a clear and practical overview of the requirements and obligations needed to comply with the directive, covering whether they fall within its scope, how entities are classified, the penalties for non-compliance, and the current state of transposition across the EU.

This informative note serves as a hands-on tool to help manufacturers anticipate and prepare for the directive's impact. It includes:

• A timeline for compliance
• Classification of entities
• Cybersecurity requirements
• Consequences of non-compliance
• Interaction with  other  digital  regulations
• Overview of EU countries that have transposed the directive
• Practical steps to prepare for NIS2

 ++ DOWNLOAD THE FULL DOCUMENT ++