The NIS 2 Directive is a set of cybersecurity guidelines and requirements established by the European Union (EU) . It replaces and repeals the NIS Directive (Directive 2016/1148/EC) . The full name of the directive is “Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive)” . The NIS 2 Directive aims to improve cybersecurity risk management and introduce reporting obligations across sectors such as energy, transport, health, and digital infrastructure . It provides legal measures to boost the overall level of cybersecurity in the EU . The directive covers a larger share of the economy and society by including more sectors, which means that more entities are obliged to take measures to increase their level of cybersecurity . The management bodies of essential and important entities must approve the cybersecurity risk-management measures taken by those entities, oversee its implementation, and can be held liable for infringements . Who is affected? The NIS 2 Directive significantly expands the sectors and type of critical entities falling under its scope….