The European Unition Directive for high common level of cybersecurity of Network and Information Systems (NIS2), coming into effect in October 2024, brings new regulations for CYBER PROTECTION OF critical infrastructure – including maritime COMPANIES 

The Directive provides legal measures to boost the overall level of cybersecurity in the EU by ensuring:

  • Member States’ preparedness, by requiring them to be appropriately equipped. For example, with a Computer Security Incident Response Team (CSIRT) and a competent national network and information systems (NIS) authority; 

  • Cooperation among all the Member States, by setting up a Cooperation Group to support and facilitate strategic cooperation and the exchange of information among Member States;

  • A culture of security across sectors that are vital for our economy and society and that rely heavily on ICTs, such as energy, transport, water, banking, financial market infrastructures, healthcare and digital infrastructure.



NIS2 applies to:

  • Inland, sea and coastal passenger and freight water transportcompanies, not including the individual vessels operated by those companies

  • Managing bodies of ports, including their port facilities, andentities operating works and equipment contained within ports

  • Operators of vessel traffic services (VTS)


NIS2 includes requirements for:

  • Protecting network and information systems, including both IT and OT

  • Cyber incident reporting, initial report to be filed typically within 24 hours

  • Risk management governance

  • Safeguarding supply chains


Non-compliance may lead to:

  • Fines up to Euros 10,000,000 or 2% of the global annual revenue of the company (higher of them)

  • In some cases, the top company executives may be held personally liable


How to prepare for NIS2

 Cydome can help you prepare NIS2 readiness and compliance based on established best practices.

CONTACT US to learn more about nis2 and how Cydome can help you comply

Cydome Maritime Cybersecurity
Skip to content