NIS2 Compliance for AI Products and Digital Services
NIS2 applies to your AI product if it touches critical infrastructure, digital services, or regulated supply chains. Most teams haven’t assessed it.

NIS2 Directive: applicable since 18 October 2024
The NIS2 Directive (Directive (EU) 2022/2555) entered into force on 16 January 2023; member states had to transpose it by 17 October 2024, and its obligations apply from 18 October 2024. Because it is a directive rather than a regulation, the duties bind through national transposition law, and several member states transposed late, so the operative text, the competent authority and the national CSIRT are all national and should be checked per jurisdiction. It significantly expands the scope of its predecessor, bringing new sectors, new entities and, critically, the supply chains of essential and important entities into its cybersecurity framework. If your AI system is used by or within a regulated entity, or if your organisation qualifies as an essential or important entity in its own right, NIS2 applies.
NIS2’s central demand is a documented, risk-based approach to cybersecurity — covering governance, incident response, supply chain security, and business continuity — applied consistently across every system and service that could affect the entity’s ability to deliver its functions. For AI systems this creates specific obligations around risk management, incident classification and reporting, supply chain due diligence, and management accountability that interact directly with EU AI Act and CRA requirements landing on the same product.
European Compliance Suite provides specialist NIS2 compliance assessments for AI products and digital services operating in or supplying regulated sectors. We determine whether your organisation and your AI system are in scope, establish your entity classification, map your cybersecurity obligations against NIS2’s requirements, and deliver a documented compliance record specific to your product — mapped against your EU AI Act, GDPR, and CRA position where all apply.
NIS2 Compliance Assessment for Your Digital & AI Systems
A lawyer-built assessment of your AI system’s NIS2 obligations — entity classification, cybersecurity risk management measures, incident reporting framework, supply chain security obligations, management liability exposure, and a documented compliance record your regulators, enterprise clients, and board can rely on.
How NIS2 Directive works for AI products
Four obligation areas. One directive. Direct cybersecurity duties for AI systems in regulated sectors.

NIS2 organises its requirements across four core areas. Each creates specific obligations for AI systems used in or supplied to essential and important entities.
Cybersecurity risk management measures
A documented, risk-based cybersecurity framework covering policies, procedures, and technical measures across ten specified areas — including incident handling, business continuity, supply chain security, access control, encryption, and vulnerability management. AI systems must be assessed as part of this framework, with their specific risk profile documented and controls specified. Risk management under NIS2 is not a one-time exercise — it is an ongoing governance obligation with management accountability attached.
Incident reporting
Classification and mandatory reporting of significant incidents to the relevant national CSIRT or competent authority. NIS2 Article 23 sets a three-stage timeline: an early warning within 24 hours of becoming aware of the incident (stating whether it is suspected to be caused by unlawful or malicious acts and whether it could have cross-border impact), an incident notification within 72 hours of becoming aware (updating the early warning with an initial assessment of severity, impact and, where available, indicators of compromise), and a final report within one month of the incident notification, with an intermediate status update on request from the authority. AI system failures, security breaches and availability disruptions that meet the significance threshold must be reported on these timelines. Many organisations cannot meet the 24-hour early warning requirement on their current incident response processes, chiefly because nothing in those processes records the moment of awareness that starts the clock.
Supply chain security
Assessment of the cybersecurity risks posed by suppliers and service providers — including AI vendors — and contractual requirements reflecting those risks. NIS2 requires essential and important entities to consider the security practices of every supplier whose products or services could affect their ability to deliver their functions. AI companies supplying regulated entities are directly affected by this obligation — through their clients’ procurement and vendor management processes — and may need to demonstrate their own NIS2-aligned security posture to win and retain regulated sector contracts.
Management accountability
NIS2 imposes personal accountability on management bodies — boards and senior management — for approving cybersecurity risk management measures, overseeing implementation, and ensuring adequate cybersecurity training. Management bodies can be held personally liable for NIS2 violations. For AI companies operating as essential or important entities, this means cybersecurity governance is a board-level obligation, not an IT department function.
Who NIS2 Directive applies to
NIS2 applies to essential and important entities in eighteen sectors, and to the suppliers whose products and services those entities depend on. AI companies frequently find themselves in scope — directly or through their client relationships — without having identified it.
| Entity type | In scope of NIS2? | Classification | Key obligation |
|---|---|---|---|
| Large entity in an Annex I sector (energy, transport, banking, health, digital infrastructure, etc.) | Yes (directly) | Essential entity | Full NIS2 compliance including management accountability |
| Medium-sized digital infrastructure provider (cloud, data centre, CDN) or ICT service management provider | Yes (directly) | Important entity (essential if it exceeds the medium-size ceilings) | Full NIS2 compliance; lighter, ex post supervisory regime than essential |
| AI company supplying essential or important entities | Yes (indirectly, through clients' supply chain obligations) | Supplier | Contractual security requirements, security posture demonstration |
| DNS service provider, TLD name registry, qualified trust service provider | Yes (directly, regardless of size) | Essential entity | Full NIS2 compliance |
| Managed service provider or managed security service provider | Yes (directly, if medium-sized or larger) | Important if medium-sized, essential if large | Full NIS2 compliance |
| Online marketplace, search engine, social networking platform (medium-sized or larger) | Yes (directly) | Important entity | Full NIS2 compliance |
| Public administration body | Yes (central government directly; regional and local at member state discretion) | Essential (central government) or as designated | Full NIS2 compliance where designated |
| Small AI company with no regulated sector clients | Generally no (below the size threshold), unless a member state designates it under Article 2(2), e.g. as sole provider of an essential service | Not in scope | No mandatory obligations, but supply chain pressure applies commercially |
| AI company qualifying as essential or important entity in its own right | Yes (directly) | Essential or important | Full NIS2 compliance including incident reporting and management accountability |
| Non-EU AI company supplying EU essential or important entities | Yes (through supply chain); directly if it offers DNS, cloud, data centre, CDN, managed (security) services or digital provider services in the EU without an EU establishment | Supplier, or in-scope entity with an EU representative (Article 26) | Security requirements imposed contractually by regulated clients; designation of an EU representative where directly in scope |
Supply chain security: the NIS2 obligation AI suppliers cannot ignore
NIS2’s supply chain security requirements are the provision most AI companies overlook. Essential and important entities must assess the cybersecurity risks posed by their suppliers and service providers, and must take appropriate measures to address those risks — including through contractual requirements. That creates direct commercial and operational pressure on every AI supplier to a regulated entity, regardless of whether the AI company is itself a NIS2 entity.
Three things AI suppliers to regulated entities consistently misunderstand:
- NIS2 supply chain obligations are not confined to direct suppliers. They extend to the entire supply chain — including the AI company’s own upstream dependencies, cloud infrastructure, model APIs, and data providers. An essential entity assessing an AI supplier’s security posture will ask about sub-supplier chains, not just the AI company’s own controls.
- Management accountability under NIS2 means the regulated entity’s board is personally responsible for approving supply chain security measures. That creates board-level pressure to scrutinise AI suppliers more carefully than most vendor management processes currently do. AI companies that cannot demonstrate a documented, risk-based security posture will find themselves removed from procurement shortlists regardless of their product’s technical capability.
- NIS2 incident reporting obligations require essential and important entities to submit an early warning within 24 hours of becoming aware of a significant incident, and a fuller notification within 72 hours. AI suppliers whose incidents affect their regulated clients must notify those clients quickly enough, and with enough detail (suspected cause, affected services, cross-border impact), for the clients to meet their own deadlines. Most AI companies do not have incident notification clauses in their existing contracts that reflect this timeline, and few have a defined internal trigger for what counts as a notifiable event.
What NIS2 compliance requires for AI products
These are the NIS2 requirements that apply most directly to AI products used in or supplied to essential and important entities — and to AI companies that qualify as NIS2 entities in their own right.
Cross-framework mapping — identification of where NIS2 cybersecurity obligations overlap with CRA security-by-design requirements, EU AI Act technical robustness obligations, and DORA ICT risk management duties — and where satisfying one regime contributes to compliance with another
Entity classification — determination of whether your organisation qualifies as an essential or important entity in its own right, or whether NIS2 reaches your AI product through your clients’ supply chain obligations — the starting point for every subsequent obligation
Sector and size threshold assessment — confirmation of which NIS2 annex and sector your organisation falls within, whether you exceed the small-enterprise ceilings (50 or more employees, or annual turnover and balance sheet total above €10 million) that bring you into scope, and whether a size-independent ground applies: DNS service providers, TLD name registries, qualified trust service providers and public electronic communications providers are in scope regardless of size, and member states may designate smaller entities under Article 2(2) where they are the sole provider of an essential service or are otherwise critical
Cybersecurity risk management framework — documented risk-based cybersecurity measures across the ten areas of Article 21(2): risk analysis and information system security policies; incident handling; business continuity including backup management and disaster recovery; supply chain security; secure acquisition, development and maintenance including vulnerability handling and disclosure; policies to assess the effectiveness of the measures; cyber hygiene and training; cryptography and encryption; human resources security, access control and asset management; and multi-factor or continuous authentication and secured communications — assessed against your AI system’s specific risk profile
Incident classification and reporting readiness — definition of what constitutes a significant incident for your AI system, and the internal process to meet NIS2’s three-stage reporting timeline — 24-hour early warning, 72-hour notification, one-month final report — to the relevant national authority
Supply chain security programme — documented assessment of every upstream supplier your AI system depends on, contractual security requirements for critical suppliers, and the security posture documentation your regulated clients will require from you as part of their own NIS2 supply chain obligations
Management accountability framework — board-level cybersecurity governance structure satisfying NIS2’s management body obligations — including approval of cybersecurity risk management measures, oversight mechanisms, and documented cybersecurity training for management
Business continuity and crisis management — documented business continuity plan covering your AI system’s role in your organisation’s critical functions, backup arrangements, disaster recovery procedures, and crisis management protocols — assessed against NIS2’s continuity requirements
Vulnerability disclosure and patch management — documented process for identifying, assessing, and addressing vulnerabilities in your AI system — including coordination with the national CSIRT, which acts as coordinator under NIS2’s coordinated vulnerability disclosure framework, where significant vulnerabilities are discovered — satisfying NIS2’s vulnerability handling obligations
One engagement. Every NIS2 obligation mapped for your AI system.
A lawyer-built NIS2 assessment covering entity classification, sector and size threshold determination, cybersecurity risk management framework, incident reporting readiness, supply chain security obligations, management accountability requirements, business continuity planning, and vulnerability handling — documented and specific to your organisation and your AI system, mapped against your EU AI Act, GDPR, CRA, and DORA position where all apply.
Frequently Asked Questions About NIS2 Compliance
What is NIS2 and who does it apply to?
The NIS2 Directive is the EU’s updated network and information security framework, applicable across member states from 18 October 2024. It applies to essential and important entities in eighteen sectors — including energy, transport, banking, financial market infrastructure, health, drinking water, wastewater, digital infrastructure, ICT service management, public administration, and space — and to the supply chains those entities depend on. It significantly expands the scope of the original NIS Directive, bringing more sectors, more entities, and the entire supplier ecosystem into its cybersecurity framework.
Does NIS2 apply to AI companies directly?
It depends on what the AI company does and how large it is. An AI company that qualifies as an essential or important entity in its own right, for example a cloud provider, a managed security service provider or another digital infrastructure operator that meets the medium-size threshold, is directly subject to NIS2. An AI company that supplies systems to essential or important entities is subject to NIS2 indirectly, through supply chain security obligations that require regulated clients to assess and manage their AI suppliers’ cybersecurity posture. Either way, NIS2 reaches most commercial AI companies operating in or selling into regulated sectors.
What are the ten cybersecurity risk management areas NIS2 requires?
NIS2 Article 21(2) specifies ten areas that cybersecurity risk management measures must cover: policies on risk analysis and information system security; incident handling; business continuity, including backup management and disaster recovery, and crisis management; supply chain security, including the relationships with direct suppliers and service providers; security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure; policies and procedures to assess the effectiveness of cybersecurity risk management measures; basic cyber hygiene practices and cybersecurity training; policies and procedures on the use of cryptography and, where appropriate, encryption; human resources security, access control policies and asset management; and the use of multi-factor or continuous authentication solutions and secured voice, video, text and emergency communications where appropriate. AI systems must be addressed within each of these areas.
What are NIS2’s incident reporting timelines?
NIS2 requires a three-stage reporting process for significant incidents. An early warning must be submitted to the relevant national CSIRT or competent authority within 24 hours of becoming aware of a significant incident. An incident notification with more detail must follow within 72 hours. A final report must be submitted within one month of the incident notification.
Under Article 23(3), an incident is significant if it has caused or is capable of causing severe operational disruption of the services or financial loss for the entity, or if it has affected or is capable of affecting other natural or legal persons by causing considerable material or non-material damage. The test is the same for AI systems as for any other system; for DNS, TLD, cloud, data centre, CDN, managed service, managed security service, online marketplace, search engine, social network and trust service providers, Commission Implementing Regulation (EU) 2024/2690 sets concrete thresholds. Many organisations cannot meet the 24-hour early warning requirement without incident response procedures built for this timeline, in particular a defined trigger that records the moment of awareness and starts the clock.
How does NIS2 define essential versus important entities?
Essential entities are large organisations in the Annex I high-criticality sectors (energy, transport, banking, financial market infrastructure, health, drinking water, wastewater, digital infrastructure, ICT service management, public administration and space), plus certain entities regardless of size: qualified trust service providers, TLD name registries, DNS service providers, central government public administration entities, medium-sized public electronic communications providers, and entities that member states designate as essential under Article 2(2) or that are critical entities under the CER Directive. Important entities are the medium-sized organisations in the Annex I sectors, plus medium-sized and large organisations in the Annex II sectors: postal and courier services, waste management, chemicals, food, manufacturing (medical devices, electronics, electrical equipment, machinery, motor vehicles and other transport equipment), digital providers, and research organisations. Cloud, data centre, CDN and managed (security) service providers are therefore classified by size, not automatically as essential.
The distinction affects the supervisory regime: essential entities face both ex ante and ex post supervision, including audits and inspections, while important entities are subject to ex post supervision only, triggered by evidence or indication of non-compliance.
What personal liability does NIS2 create for management?
NIS2 Article 20 requires management bodies of essential and important entities to approve cybersecurity risk management measures, oversee their implementation, and complete cybersecurity training.
Management bodies can be held liable for the entity’s infringements of Article 21, and for essential entities Article 32(5) goes further: where earlier enforcement measures have not been complied with within the deadline set, competent authorities can request a temporary suspension of the entity’s certification or authorisation and a temporary prohibition on any natural person with managerial responsibilities at chief executive officer or legal representative level from exercising managerial functions in that entity. Administrative fines reach up to EUR 10 000 000 or 2 % of total worldwide annual turnover for essential entities and EUR 7 000 000 or 1.4 % for important entities, whichever is higher (Article 34). This makes cybersecurity governance a board-level obligation, not an IT department function, for every essential and important entity.
How does NIS2 interact with the CRA for AI products?
NIS2 and the CRA address cybersecurity from different angles and both frequently land on AI products simultaneously. The CRA governs the security of the product itself: security by design, vulnerability handling, and the manufacturer’s obligation to report actively exploited vulnerabilities and severe incidents. NIS2 governs the cybersecurity risk management of the organisation and its supply chain, including how it assesses and manages the products it procures. A NIS2 entity procuring an AI product must assess that product against its supply chain security obligations; the AI product manufacturer must meet CRA requirements. Both obligations apply to the same product in the same procurement relationship. A cross-framework assessment maps where compliance with one regime contributes to compliance with the other, and where they impose distinct and non-overlapping obligations.
Does NIS2 apply to non-EU AI companies?
Yes: indirectly in every case, and directly for some service types. Non-EU AI companies supplying essential or important entities in the EU face NIS2 supply chain security requirements through their client relationships. EU essential and important entities must assess and manage the cybersecurity risks posed by their entire supply chain, including non-EU suppliers, and non-EU AI companies that cannot demonstrate an adequate security posture will be filtered out of regulated sector procurement regardless of where they are established.
Separately, under Article 26 a provider of DNS, TLD registry, domain name registration, cloud computing, data centre, content delivery network, managed or managed security services, or of an online marketplace, online search engine or social networking platform, that is not established in the EU but offers those services within it falls under NIS2 directly and must designate a representative in one of the member states where it offers services; the entity is then deemed to fall under the jurisdiction of that member state.
What is the SME exemption under NIS2?
NIS2 applies to entities that are at least medium-sized under Commission Recommendation 2003/361/EC: 50 or more employees, or annual turnover and annual balance sheet total both exceeding €10 million. Microenterprises and small enterprises are generally out of scope, with two sets of exceptions. First, some service types are in scope regardless of size: DNS service providers, TLD name registries, qualified trust service providers and public electronic communications providers. Second, Article 2(2) lets a member state bring in a small entity that is the sole provider of an essential service, whose disruption could significantly affect public safety, security or health, that could cause systemic risk, or that is critical at national or regional level. Cloud providers and managed security service providers are not size-independent categories; a small one is out of scope unless designated. The supply chain obligations of a regulated client can still reach a small AI supplier, but as contractual requirements rather than as direct NIS2 duties on the supplier.
How does NIS2 interact with DORA for financial sector AI?
NIS2 and DORA both reach financial sector entities (banks, investment firms, insurance companies and financial market infrastructure), but NIS2 Article 4 gives precedence to sector-specific Union acts whose requirements are at least equivalent in effect, and DORA is expressly such an act. For financial entities covered by DORA, the NIS2 risk management and incident reporting obligations (Articles 21 and 23) and the related supervision provisions do not apply; DORA’s ICT risk management, incident reporting and ICT third-party risk rules govern instead. AI companies supplying financial entities must therefore satisfy DORA’s ICT third-party requirements as the primary framework, while NIS2 applies to their own organisation where they qualify as an essential or important entity in their own right.
How do I start NIS2 compliance for my AI system?
Four steps in order. First, determine whether your organisation qualifies as an essential or important entity in its own right, or whether NIS2 reaches your AI product through your clients’ supply chain obligations. Second, if directly in scope, assess your cybersecurity risk management framework against NIS2’s ten specified areas and identify the gaps. Third, establish your incident classification framework and the internal process to meet the 24-hour early warning timeline. Fourth, map your upstream supplier dependencies and assess the security posture documentation your regulated clients will require from you.
A lawyer-built assessment covers all four steps and delivers a documented compliance position specific to your organisation and your AI system — mapped against your EU AI Act, GDPR, CRA, and DORA position where all apply.
