NISS

The NIS 2 Directive

This section is dedicated to providing an overview of the DIRECTIVE (EU) 2022/2555 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive) (hereinafter the ‘NIS2 Directive’).

The NIS2 Directive shall be transposed into national law by 17 October 2024 (Projet de loi 8364​). Until the entry into force of the transposition, the NIS1 law remains applicable. The main new features of the NIS2 Directive are explained below.​

Important: The European Commission has published Implementing Regulation EU 2024/2690 of 17 October 2024.

Disclaimer: The ‘questions and answers’ section below is intended to improve the understanding of the provisions of the NIS 2 Directive by those concerned. However, it does not constitute a final interpretation of the various terms of the NIS 2 Directive and the general explanations provided by the Institute may vary over time, in particular depending on the transposition of the NIS 2 Directive into Luxembourg law.

Scope and field of application
More information
Security measures and supervision under NIS2
More information
Incident notification under NIS2
More information
Information sessions
More information
Frequently asked questions about NIS2 (FAQ)
More information

The NIS2 Directive brings several new features to the supervision of cybersecurity. The major changes are the following:

  1. definition of uniform criteria to determine the entities that fall within the scope of this directive by default;
  2. introduction of new sectors within the scope, grouping them into the categories ‘important’ and ‘essential’;
  3. risk management measures are to be applied to all networks and information systems that support the entity’s activities, not just those that support the essential services;
  4. liability of management bodies of entities falling within the scope of the NIS 2 Directive;
  5. harmonisation of security measures to be applied (establishing security policies, ensuring security in the supply chain, etc.);
  6. clarification of the rules on incidents to be notified by the entities to the competent authorities.

Consult the different topics below for more information.

Developers, robot work at laptop with magnifier. Industrial cybersecurity, industrial robotics malware, safeguarding of industrial robotics concept. Pinkish coral bluevector isolated illustration

Publications

Consult the latest available publications on the NISS sector.

Lancement du portail centralisé de notification d’incidents sur la plateforme SERIMA pour NIS1/NIS2, CCEE, GDPR et CER
Publication Communiqués NISS May 2, 2025
More information
Lancement du portail centralisé de notification d’incidents sur la plateforme SERIMA pour NIS1/NIS2, CCEE, GDPR et CER
Publication Communiqués NISS May 2, 2025
More information
Définition des différents secteurs d'activité concernés par la directive NIS2
Publication Autres publications NISS November 6, 2024
More information
Presentation sessions d'informations
Publication NISS September 30, 2024
More information
6 mesures de sécurité fondamentales
Publication Guides NISS August 30, 2024
More information
1 sur
All the sector's publications
  • Secure your organisation

    The NISS department ensures that the law regarding the security of networks and information systems is properly enforced in several sectors.

    More information
  • NIS 2 Directive

    Receive more information on the NIS 2 Directive.

    More information
  • Incident notification

    For incident notification, please use the online form.

    More information