
NIS2 Is Live: What It Means for AI Service Providers

---

By Wingston Sharon | October 2024


The transposition deadline for Directive (EU) 2022/2555 — NIS2 — was October 17, 2024. That date has passed: EU member states were required to have transposed the directive into national law by yesterday.

I'll be upfront: not every member state met the deadline. Implementation timelines across the EU are uneven, and some national legislatures are still working through transposition. This is a consistent feature of EU directives versus regulations — unlike a regulation (which applies directly), a directive requires national action. Where that action hasn't happened yet, the situation is legally complicated.

But the direction is clear. NIS2 is the law in a significant number of member states now, and it will be law everywhere in the EU shortly. If you're building AI services that touch critical sectors, this is the regulatory framework you're operating under.

What NIS2 Actually Changes vs NIS1

The original NIS Directive (2016/1148) covered a relatively narrow set of "operators of essential services" — energy, transport, banking, health, digital infrastructure — plus digital service providers. It was criticized, fairly, for being too narrow and for leaving significant inconsistency in how member states implemented it.

NIS2 substantially expands the scope. The new categories of covered entities include:

  • Cloud computing service providers — explicitly in scope now
  • Managed service providers — if you run infrastructure for others, you're covered
  • Data centre service providers
  • Content delivery networks
  • DNS service providers and domain name registrars
  • Online marketplaces, search engines, social networks (above size thresholds)

The directive divides covered entities into essential entities (higher scrutiny, proactive supervision) and important entities (lighter-touch, reactive supervision). The distinction matters for enforcement: essential entities face more frequent audits and higher maximum fines (€10M or 2% of global turnover, whichever is higher). Important entities face fines up to €7M or 1.4% of global turnover.

The Incident Reporting Requirements

This is the operationally demanding part. NIS2 introduces a two-stage notification requirement for significant incidents:

Within 24 hours: An "early warning" to your national CSIRT (Computer Security Incident Response Team) or competent authority. This is a quick notification — you don't need to have the full picture, but you do need to flag that something significant has happened.

Within 72 hours: A "notification" with a preliminary assessment of the incident — its severity, indicators of compromise, and initial impact assessment.

Within 1 month: A final report with a full description, root cause analysis, and mitigation measures taken.

If you're used to GDPR's 72-hour data breach notification, the NIS2 structure is similar but not identical. NIS2 covers incidents affecting service availability and integrity, not just personal data breaches. You may be obligated to report under both regimes for the same incident.

"Significant incident" is defined in terms of impact on service provision — disruption that has or could have significant impact on the delivery of services. The specifics are being elaborated by ENISA and national authorities, but the threshold is broadly: if it affects your ability to deliver services, it probably qualifies.
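The three-stage clock above, together with the parallel GDPR obligation, is the kind of thing an incident-response runbook should compute rather than leave to memory during an outage. The following is an added example, not code from the original post or from Agentosaurus: it builds a deadline schedule from the moment the provider became aware of an incident and lists which notifications are still outstanding at a given time. The stage names, the `Incident` record, and the decision to count the one-month final report from detection (a conservative choice for this example; the directive ties it to the incident notification) are assumptions of the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
import calendar

# NIS2 stages as described in the post. GDPR's 72-hour breach notification is
# tracked alongside them because one incident may be reportable under both.
NIS2_STAGES = (
    ("nis2_early_warning", timedelta(hours=24)),
    ("nis2_incident_notification", timedelta(hours=72)),
)
GDPR_BREACH_NOTIFICATION = ("gdpr_breach_notification", timedelta(hours=72))


def add_one_month(when: datetime) -> datetime:
    """Calendar-month addition that clamps to the last day of a short month
    (31 January + 1 month -> 28/29 February), so the deadline never overshoots."""
    year = when.year + (when.month // 12)
    month = when.month % 12 + 1
    day = min(when.day, calendar.monthrange(year, month)[1])
    return when.replace(year=year, month=month, day=day)


@dataclass
class Incident:
    ident: str
    detected_at: datetime            # when the provider became aware of it
    significant: bool                # meets the "significant incident" threshold
    involves_personal_data: bool     # triggers the parallel GDPR obligation
    submitted: dict = field(default_factory=dict)  # stage name -> submission time


def deadlines(incident: Incident) -> dict:
    """Every reporting deadline this incident triggers, keyed by stage name."""
    due = {}
    if incident.significant:
        for name, delta in NIS2_STAGES:
            due[name] = incident.detected_at + delta
        # Assumption for this example: count the month from detection, which is
        # never later than a clock started at the 72-hour notification.
        due["nis2_final_report"] = add_one_month(incident.detected_at)
    if incident.involves_personal_data:
        name, delta = GDPR_BREACH_NOTIFICATION
        due[name] = incident.detected_at + delta
    return due


def outstanding(incident: Incident, now: datetime) -> list:
    """Stages not yet submitted, earliest deadline first, as
    (stage, deadline, overdue) tuples."""
    result = []
    for name, when in sorted(deadlines(incident).items(), key=lambda kv: kv[1]):
        if name in incident.submitted:
            continue
        result.append((name, when, now > when))
    return result


def example_incident() -> Incident:
    """Constructed sample: an availability incident that also exposed personal
    data, detected the morning after the transposition deadline."""
    detected = datetime(2024, 10, 18, 9, 0, tzinfo=timezone.utc)
    return Incident("INC-EXAMPLE-001", detected, significant=True,
                    involves_personal_data=True)


if __name__ == "__main__":
    inc = example_incident()
    inc.submitted["nis2_early_warning"] = inc.detected_at + timedelta(hours=5)
    now = inc.detected_at + timedelta(hours=30)
    for stage, when, overdue in outstanding(inc, now):
        print(f"{stage:28} due {when.isoformat()} {'OVERDUE' if overdue else ''}")
```

Running it stand-alone lists the 72-hour NIS2 notification, the GDPR breach notification and the final report as still open, with the early warning already filed. An incident that is not significant but does involve personal data produces only the GDPR entry, which is the dual-regime case the post warns about.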

Supply Chain: The Hard Part

Article 21 of NIS2 requires covered entities to address cybersecurity risk in their supply chains — specifically, the security of relationships with direct suppliers and service providers.

For AI service providers, this cuts two ways.

If you're a managed service provider or cloud provider subject to NIS2, you need to assess the cybersecurity practices of your own suppliers — including the AI model providers and infrastructure components you rely on.

If you're an AI service provider whose customers include NIS2-covered entities — banks, energy companies, healthcare organizations — your customers need to conduct supply chain security assessments of you. Expect to receive questionnaires about your security practices, incident response procedures, and logging capabilities. Customers who can't get satisfactory answers will face pressure to find alternatives.

This creates real market pressure. If you're selling AI services into critical sectors and you can't demonstrate compliance-ready security practices, you're going to lose deals to providers who can. The compliance bar for selling into regulated industries in the EU just rose.

What "Security Measures" Means Practically

Article 21 lists the measures that covered entities must implement:

  • Policies on risk analysis and information system security
  • Incident handling procedures
  • Business continuity and crisis management
  • Supply chain security (as above)
  • Security in network and information system acquisition, development, and maintenance
  • Policies on the effectiveness of cybersecurity risk-management measures
  • Basic cyber hygiene practices and cybersecurity training
  • Policies on cryptography and, where appropriate, encryption
  • Human resources security, access control policies, and asset management
  • Multi-factor authentication or continuous authentication

None of this is exotic. It's roughly what a security-conscious organization is already doing. The change is that it's now a legal requirement with audit rights and enforcement teeth, rather than best practice.

For AI systems specifically, the "security in development and maintenance" requirement is relevant. If you're deploying AI models in critical sector contexts, you need to be thinking about model security — prompt injection, data poisoning, output manipulation — as part of your security posture, not just network-layer security.

Jurisdiction: Check Your Specific Member State

I want to be direct about this: member state implementation varies, and some key details — the exact definition of entity thresholds, the specific national authority you report to, enforcement timelines — depend on your jurisdiction.

In Germany the national authority is the BSI; in France it is ANSSI; the Netherlands has NCSC-NL. Each has issued guidance on national implementation that may differ in emphasis from the directive text. If you're operating in multiple member states, you'll need to track each jurisdiction's transposition.

ENISA maintains guidance on NIS2 implementation that's worth bookmarking. The national CSIRT network also provides coordination across borders for cross-border incidents.

What We're Doing at Agentosaurus

Agentosaurus is building AI infrastructure for ESG verification and organization discovery. We're not in the NIS2-essential-entity categories today โ€” we're not providing critical infrastructure. But we serve organizations in regulated sectors, and those organizations are increasingly asking about our security posture as part of their own NIS2 supply chain assessments.

That means we're treating NIS2-aligned security practices as a baseline, even where we're not directly covered. Incident response documentation, access control policies, logging and monitoring — these are things we're building into the platform because our customers need them and because EU regulatory direction is clearly toward more security accountability, not less.

The directives and regulations keep coming. Building infrastructure that can adapt to compliance requirements is increasingly a prerequisite for operating in the EU market.

Reach out if you're navigating NIS2 requirements for AI services — hello@agentosaurus.com.
