Skarp
Mastering the EU NIS2 Directive: From Legal Framework to Practical Compliance
This course provides a deep, practice-oriented exploration of the EU NIS2 Directive (Directive (EU) 2022/2555), from its legal foundations and scope to hands-on implementation of risk management, incident reporting, and governance. You will learn how NIS2 is being transposed across Member States, what it means for essential and important entities, and how to build a robust, auditable cybersecurity compliance program.
Course Content
11 modules ยท 2h 45m total
NIS2 in Context: Why the EU Reinvented Its Cybersecurity Directive
Introduces the evolution from NIS1 to NIS2, the policy drivers behind the new directive, and its role in the broader EU cybersecurity strategy.
Scope and Entities: Who Must Comply with NIS2?
Deep dive into NIS2โs expanded sectoral scope, the distinction between essential and important entities, and size and sector criteria.
Transposition, Timelines, and Enforcement Reality
Explores Article 41 transposition deadlines, Member State implementation status, and what the October 2024 date and later national timelines mean in practice.
Core Cybersecurity Risk-Management Measures Under NIS2
Breaks down the mandatory risk-management measures NIS2 requires, mapping them to practical controls and common frameworks like ISO 27001.
Incident Reporting and Communication Duties
Covers NIS2โs incident notification timelines, thresholds, and coordination with CSIRTs and competent authorities.
Governance, Management Accountability, and Sanctions
Examines NIS2โs focus on board-level responsibility, management training, and the sanctions regime for non-compliance.
Supply Chain and Third-Party Risk Under NIS2
Focuses on how NIS2 elevates supply chain cybersecurity, including requirements for assessing and managing third-party risk.
National Authorities, CSIRTs, and EU-Level Cooperation
Explores the institutional architecture NIS2 creates, including competent authorities, CSIRTs, EU-CyCLONe, and cooperation mechanisms.
Designing a NIS2 Compliance Program and Roadmap
Translates legal requirements into a practical, phased implementation roadmap, including gap assessment, prioritization, and project governance.
Integrating NIS2 with Existing Frameworks (ISO 27001, SOC 2, Sectoral Rules)
Shows how to leverage existing security and compliance frameworks to meet NIS2 requirements efficiently.
Sector-Specific and Cross-Border Case Studies
Applies NIS2 concepts to realistic scenarios in different sectors (e.g., energy, cloud services, healthcare) and cross-border groups.
Read the Textbook
Read every chapter for free, right here in your browser.
In this module you will **situate NIS2 within the evolution of EU cybersecurity law** and understand **why the EU decided to fundamentally revise its first Network and Information Security Directive (NIS1)**.
**Key timeline (relative to today โ December 2025):** - **2016** โ Directive (EU) 2016/1148 ("NIS1") adopted: the EUโs first horizontal cybersecurity law. - **2018** โ NIS1 implementation deadline for Member States. - **2018โ2020** โ Growing criticism: limited scope, inconsistent implementation, uneven security levels. - **December 2020** โ European Commission proposes NIS2. - **December 2022** โ Directive (EU) 2022/2555 ("NIS2") adopted. - **January 2023** โ NIS2 enters into force. - **17 October 2024** โ Deadline for Member States to transpose NIS2 into national law.
By late 2025, **all Member States are legally required to have implemented NIS2**, though in practice **transposition quality and enforcement maturity vary**.