Header image

Businesses Unsure of NIS2 Compliance Status

Uncertainty on NIS2 compliance remains a month on from deadline.


Senior cybersecurity professionals are – still – “not sure” whether the EU’s NIS2 directive even applies to their organisation, with some admitting their organisation was not compliant with last month’s deadline.

According to a survey of 200 British organisations with over 1,000 employees by Green Raven, more than two-thirds of respondents said that NIS2 does apply to them, but three percent were unsure if NIS2 even applied to them.

The EU’s Network and Information Security Directive (NIS2) aims to improve the overall level of cybersecurity and standardise cyber resilience across the EU, and EU member states were required to transpose NIS2 into their national legislation by 17th October 2024.

Although the UK has left the EU, NIS2 impacts UK organisations that fall under its scope and conduct business in the EU, either as a customer or as a supplier.

Morten Mjels, CEO of Green Raven Limited, said:  “Eventually, failure to be compliant is going to significantly impact the ability of these organisations to do business in Europe, or is going to attract a significant fine for doing business in Europe without being compliant. And saying ‘we weren’t sure’ is unlikely to be much of a defence.”


Dan Raywood
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Dan Raywood
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Upcoming Events

No events found.