NIS2 (Network and Information Security Directive 2) is the European directive strengthening cybersecurity for essential and important entities. It extends obligations to supply chains: organisations must now assess and manage the cyber risks of their suppliers and subcontractors. Applicable since October 2024, it requires formal third-party risk management measures across all in-scope sectors.
