NIS2 - Annex to the Commission Implementing Regulation 2024/2690 with Technical Implementation Guidance by ENISA

EUROPEAN COMMISSION + ENISA

This framework is based on 2 documents : 1. ANNEX to the Commission Implementing Regulation laying down rules for the application of Directive (EU) 2022/2555 as regards technical and methodological requirements of cybersecurity risk-management measures and further specification of the cases in which an incident is considered to be significant with regard to DNS service providers, TLD name registries, cloud computing service providers, data centre service providers, content delivery network providers, managed service providers, managed security service providers, providers of online market places, of online search engines and of social networking services platforms, and trust service providers. Source : https://www.enisa.europa.eu/publications/nis2-technical-implementation-guidance 2. Technical Implementation Guidance On Commission Implementing Regulation (EU) 2024/2690 of 17 October 2024 laying down rules for the application of NIS2 Directive as regards technical and methodological requirements of cybersecurity risk-management measures. JUNE 2025, VERSION 1.0 Source : https://www.enisa.europa.eu/publications/nis2-technical-implementation-guidance