ENISA - Technical guidance for NIS2 Implementing Regulation

Guia tecnica de medidas de ciberseguridad para proveedores digitales e infraestructuras.

Regulación: NIS2
Emisor: ENISA
Fuente oficial: https://www.enisa.europa.eu/news/supporting-nis2-implementation-through-actionable-guidance

This site uses cookies. Visit our cookies policy page or click the link in any footer for more information and to change your preferences.

Accept all cookies Accept only essential cookies

Supporting NIS2 implementation through actionable guidance

Back to News

Press ReleaseJun 26,2025

The EU Agency for Cybersecurity (ENISA) publishes a technical guideline for the security measures of the NIS2 Implementing Regulation to assist digital infrastructures and managed service providers.

The NIS2 Directive sets out requirements for cybersecurity risk management measures in 18 critical sectors, such as digital infrastructures, energy, transport or health, which have to be transposed into national law. For the NIS2 Digital Infrastructure and the ICT service management sectors these cybersecurity requirements are further elaborated at EU level, by the Commission Implementing regulation 2024/2690 of 17 October 2024. ENISA now publishes a technical guidance to support companies in these sectors with the implementation of this regulation.

Juhan Lepassaar, Executive Director at ENISA stated: “The implementation of NIS2 is a top priority for ENISA. The Agency is pushing for more alignment and simplification. To achieve that, we are developing practical and technical cybersecurity guidance to support the implementation of cybersecurity measures, on their way to improve the cybersecurity maturity in Europe’s critical sectors.”

This ENISA technical guidance was developed in collaboration with the NIS Cooperation group and the Commission, and we collected feedback from the private sector via an open consultation.

The document provides guidance in the following cybersecurity requirements of the NIS2 Implementing Regulation:

Policy on the security of network and information systems
Risk management policy
Incident handling
Business continuity and crisis management
Supply chain security
Security in network and information systems acquisition, development and maintenance
Policies and procedures to assess the effectiveness of cybersecurity risk-management measures
Basic cyber hygiene practices and security training
Cryptography
Human resources security
Access control
Asset management
Environmental and physical security

In scope of the NIS implementing regulation and this technical guideline are DNS providers, TLD registries, cloud computing service providers, data centre service providers, content delivery network providers, managed service providers and managed security service providers, providers of online marketplaces, online search engines and social networking services platforms, and trust service providers.

The implementation guidance is not a legally binding document and it is not intended to replace the frameworks, guidance or tools provided by Member States at national level. Companies in scope of the NIS2 should first consult the national authorities in their country, to understand their obligations.

Linking NIS2 security measures to the European Cybersecurity Skills Framework

To support the EU in developing cyber skills, ENISA developed the European Cybersecurity Skills Framework. Developing cybersecurity skills in the workforce is an important challenge for many companies. To implement the NIS2 Directive, companies should define cybersecurity roles and responsibilities. ENISA publishes a guidance document on the skills and the roles of cybersecurity professionals needed to implement the NIS2 measures. Built upon the European Cybersecurity Skills Framework (ECSF), this guidance offers a detailed mapping of NIS2 obligations to relevant ECSF role profiles. Each role is mapped to its specific tasks, while practical use cases are also included.

Share this page Facebook Twitter LinkedIn

Image

Visual with a background image of a NIS2-themed book, featuring the ENISA logo and the text: “Turning security measures into clear practical steps. ENISA publishes technical implementation guide.