What Irish Businesses Need to Know About NIS2 Compliance in 2025

  • May 7, 2025

NIS2 is the European Union's strengthened cybersecurity and resilience directive, designed to protect essential and important services across the EU. It came into force in October 2024, but Ireland has yet to transpose it into national law. That means Irish businesses still have a short window to act. For companies in key sectors, this directive is not just about digital security — it's about protecting physical infrastructure, services, and reputations.


What Is NIS2 and Why Does It Matter?

NIS2 (Network and Information Security Directive 2) replaces the original NIS Directive (NIS1), expanding the scope and tightening requirements. It brings in broader sector coverage, tougher penalties, and clearer accountability. It applies to both cybersecurity and physical infrastructure protection, including access control, CCTV, alarms, fire systems, and business continuity measures.


This directive signals the EU's seriousness about digital and physical threats. Once Irish legislation is enacted, enforcement will follow quickly.


Who Needs to Comply in Ireland?

NIS2 applies to medium and large enterprises operating in essential and important sectors. This typically means businesses with:

  • 50+ employees

  • Over €10 million in turnover or balance sheet total


Essential sectors include:

  • Energy (electricity, oil, gas, hydrogen)

  • Transport (air, rail, road, maritime)

  • Healthcare and medical manufacturing

  • Water supply and wastewater

  • Public administration

  • Digital infrastructure (DNS providers, cloud, IXPs)


Important sectors include:

  • Waste and postal services

  • Food production

  • Manufacturing of critical products

  • Digital platforms and online marketplaces

  • IT and managed service providers


Micro and small businesses are generally exempt, unless they provide essential services or support larger critical operators. See the full breakdown of affected sectors and requirements here: NIS2 Compliance Services for Irish Businesses


What Are the Key Requirements?

Under NIS2, in-scope businesses will need to:

  • Implement risk management and incident response processes

  • Ensure physical security of IT and operational infrastructure

  • Monitor, test and maintain systems (e.g., CCTV, access control)

  • Train staff in security awareness and system use

  • Report major incidents within 24 hours

  • Maintain detailed documentation and logs for auditing


This is not just a box-ticking exercise. It's a full review of how your business protects itself from disruption.


What Happens If You Don’t Comply?

The penalties for non-compliance are significant:

  • Fines up to €10 million or 2% of global turnover

  • Directors and senior managers can be held personally liable

  • Reputational damage and contract losses for non-compliance


Much like GDPR, NIS2 will be enforceable and taken seriously by Irish regulators once enacted.


How Can You Prepare Now?

Businesses that act early will avoid last-minute stress and high costs. Here’s how to get started:

  • Book a NIS2 compliance assessment

  • Review your current physical security and access controls

  • Ensure maintenance logs, risk assessments and policies are up to date

  • Train your staff

  • Get ready to document and report incidents within 24 hours


We help Irish businesses get ahead of NIS2 compliance — explore how we do it here.


Final Thoughts: Don’t Wait for the Law to Pass

NIS2 is already in effect across Europe, and Ireland is not far behind. If your business is in a critical sector, now is the time to act. Early preparation means lower risk, better protection, and a smoother path to compliance.


Want expert help? Start your NIS2 compliance journey with Power Right — your trusted partner for fire, energy, and security services in Ireland.
