NIS2
Safeguard articles tagged "NIS2" — guides, analysis, and best practices for software supply chain and application security.
12 articles
Software Supply Chain Security for SaaS
SaaS companies are a supply chain for everyone else, which is why the EU Cyber Resilience Act, NIS2, SOC 2, and DORA now push obligations onto them. Here is how to build a program that satisfies customers and regulators alike.
NIS2 Directive explained: the software and supply-chain obligations
NIS2 rewired EU cybersecurity law around supply-chain security, vulnerability handling, and 24-hour incident reporting. Here is who is in scope and what your software teams now have to prove.
NIS2's First Enforcement Wave (May 2026): What the Early Proceedings Tell Compliance Teams
By May 2026 the first NIS2 enforcement actions are surfacing across early-transposing member states, starting with registration and notification failures. We analyze what authorities are pursuing first and how to build evidence that survives the escalation.
NIS2 in the Netherlands: Cyberbeveiligingswet Adoption in April 2026
The Dutch Parliament approved the Cyberbeveiligingswet on 15 April 2026, with target entry into force on 1 July 2026 — 21 months after the EU transposition deadline.
France's NIS2 Transposition: Inside the Resilience Bill
France's Senate passed the Resilience bill on 12 March 2025 — the omnibus law transposing NIS2 and CER — after the Commission's reasoned opinion of 7 May 2025 escalated infringement proceedings.
NIS2 Directive Supply Chain Obligations in 2026
NIS2 has been in force across the EU since October 2024, and member state enforcement is now operating in earnest. The supply chain obligations are the ones most organizations underestimated.
NIS2 in Spain: The Delayed Transposition and Commission Reasoned Opinion
Spain's draft NIS2 law was approved by the Council of Ministers on 14 January 2025, but had not been published in the BOE by January 2026, triggering Commission action.
Germany's NIS2 Transposition: BSI Act in Force December 2025
Germany's NIS2 implementing law took effect 6 December 2025 with no transition period, expanding regulated entities from 4,500 to roughly 29,000 and giving the BSI direct sanction powers.
EU NIS2 Directive: Enforcement at One Year
Twelve months after the NIS2 transposition deadline, enforcement is uneven, fines are real, and software supply chain obligations are starting to bite.
NIS2 Directive: What EU Software Vendors Must Do Now
NIS2 is in force, transposition is late in half the EU, and the obligations bind anyway if you're in scope. The supply chain security and 24-hour reporting duties, decoded.
NIS2 in Italy: Legislative Decree 138/2024 and the Tiered Sanctions Regime
Italy's NIS2 transposition entered into force on 16 October 2024 via Decree 138/2024, with fines reaching 10 million EUR or 2% of global turnover for essential entities.
EU NIS2 Directive: What Software Supply Chain Teams Need to Know
The NIS2 Directive imposes new cybersecurity obligations across the EU, with specific requirements for supply chain risk management that affect software vendors and their customers.