EU NIS2 Directive

The EU NIS2 Directive, Directive (EU) 2022/2555, is the bloc’s network-and-information-security law adopted 14 December 2022, with member states required to transpose it by 17 October 2024. It widens the earlier 2016 NIS Directive, classing maritime transport and port operators among essential or important entities and imposing risk-management measures, supply-chain security, and 24-hour early incident notification, backed by fines up to 10 million euro or 2 percent of global turnover. For EU-linked shipping companies it sits alongside the IMO MSC.428(98) cyber-risk-in-the-SMS regime, adding shore-side obligations the IMO instrument does not reach.