Safeguard
Tag

NIS2

Safeguard articles tagged "NIS2" — guides, analysis, and best practices for software supply chain and application security.

12 articles

Solutions

Software Supply Chain Security for SaaS

SaaS companies are a supply chain for everyone else, which is why the EU Cyber Resilience Act, NIS2, SOC 2, and DORA now push obligations onto them. Here is how to build a program that satisfies customers and regulators alike.

Jul 5, 20266 min read
Compliance

NIS2 Directive explained: the software and supply-chain obligations

NIS2 rewired EU cybersecurity law around supply-chain security, vulnerability handling, and 24-hour incident reporting. Here is who is in scope and what your software teams now have to prove.

Jul 1, 20267 min read
Regulatory Compliance

NIS2's First Enforcement Wave (May 2026): What the Early Proceedings Tell Compliance Teams

By May 2026 the first NIS2 enforcement actions are surfacing across early-transposing member states, starting with registration and notification failures. We analyze what authorities are pursuing first and how to build evidence that survives the escalation.

May 20, 202611 min read
Compliance

NIS2 in the Netherlands: Cyberbeveiligingswet Adoption in April 2026

The Dutch Parliament approved the Cyberbeveiligingswet on 15 April 2026, with target entry into force on 1 July 2026 — 21 months after the EU transposition deadline.

May 6, 20267 min read
Regulation

France's NIS2 Transposition: Inside the Resilience Bill

France's Senate passed the Resilience bill on 12 March 2025 — the omnibus law transposing NIS2 and CER — after the Commission's reasoned opinion of 7 May 2025 escalated infringement proceedings.

Apr 22, 20267 min read
Regulatory Compliance

NIS2 Directive Supply Chain Obligations in 2026

NIS2 has been in force across the EU since October 2024, and member state enforcement is now operating in earnest. The supply chain obligations are the ones most organizations underestimated.

Apr 8, 20265 min read
Compliance

NIS2 in Spain: The Delayed Transposition and Commission Reasoned Opinion

Spain's draft NIS2 law was approved by the Council of Ministers on 14 January 2025, but had not been published in the BOE by January 2026, triggering Commission action.

Feb 9, 20266 min read
Regulation

Germany's NIS2 Transposition: BSI Act in Force December 2025

Germany's NIS2 implementing law took effect 6 December 2025 with no transition period, expanding regulated entities from 4,500 to roughly 29,000 and giving the BSI direct sanction powers.

Jan 20, 20267 min read
Regulatory Compliance

EU NIS2 Directive: Enforcement at One Year

Twelve months after the NIS2 transposition deadline, enforcement is uneven, fines are real, and software supply chain obligations are starting to bite.

Aug 15, 20254 min read
Compliance

NIS2 Directive: What EU Software Vendors Must Do Now

NIS2 is in force, transposition is late in half the EU, and the obligations bind anyway if you're in scope. The supply chain security and 24-hour reporting duties, decoded.

Jul 8, 20256 min read
Compliance

NIS2 in Italy: Legislative Decree 138/2024 and the Tiered Sanctions Regime

Italy's NIS2 transposition entered into force on 16 October 2024 via Decree 138/2024, with fines reaching 10 million EUR or 2% of global turnover for essential entities.

Jun 18, 20256 min read
Compliance & Frameworks

EU NIS2 Directive: What Software Supply Chain Teams Need to Know

The NIS2 Directive imposes new cybersecurity obligations across the EU, with specific requirements for supply chain risk management that affect software vendors and their customers.

Apr 25, 20247 min read
NIS2 — Safeguard Blog