NIS2 by Industry
Your sector shapes your scope, your risks, and your roadmap. Pick your industry to see what NIS2 means in concrete terms.
The NIS2 Directive applies horizontally across 18 sectors, but the way it lands inside each organization depends on the industry. A hospital, a data center, a steel plant, and a ministry all fall under the same directive, yet the practical controls, the risk picture, and the regulators differ sharply. These guides translate NIS2 into sector-specific terms so your team can move from text to action.
Manufacturing
Medical devices, computers and electronics, machinery, motor vehicles, and other transport equipment. Where IT meets OT on the production line.
Read the guideHealthcare
Hospitals, EU reference labs, medical research, and medical device manufacturers. Where a ransomware event is also a patient safety event.
Read the guideEnergy
Electricity, oil, gas, hydrogen, and district heating or cooling. Grid stability, OT security, and nation-state threat actors.
Read the guideDigital Infrastructure
IXPs, DNS, TLD registries, data centers, cloud, CDNs, trust service providers, and electronic communications. The plumbing of the European internet.
Read the guidePublic Administration
Central government entities and, depending on the member state, regional and local authorities. Legacy stacks, procurement rules, and political exposure.
Read the guideAnother sector?
Banking, transport, water, waste, postal, food, space, research, and chemicals are also in scope. Get in touch for sector-specific guidance.
Ask an expertNot sure which category you fall into?
Essential or important, Annex I or II, medium or large: the boundary lines are narrower than they look. A 30-minute scoping call is usually enough to settle it.