NIS2
Network and Information Security Directive 2
Definition
The EU directive establishing cybersecurity requirements for essential and important entities, including financial services firms. NIS2 expands the scope of the original NIS Directive, introduces stricter supervisory measures, and imposes incident reporting obligations with tight timelines (24-hour early warning, 72-hour notification).
Regulatory Context
NIS2 complements DORA for the financial sector. While DORA provides a sector-specific framework for digital operational resilience, NIS2 establishes broader cybersecurity obligations. Where DORA applies, it takes precedence as lex specialis.