The clock is ticking: How to prepare for upcoming NIS2 Directive deadline

The October 17, 2024 deadline for European Union (EU) Member States to implement the NIS2 Directive into their respective national legislations is fast approaching. We first highlighted NIS2 and the new requirements in a blog post back in March 2023, and now that  the deadline is looming, all businesses across the EU must closely monitor developments and prepare for the enhanced cybersecurity requirements that are forthcoming. 

The Network and Information Security (NIS) Directive was introduced in 2016 as a legal framework for cybersecurity standards across the EU. Although the intention was admirable and set a clear direction, it did not impact the landscape as intended. The NIS2 Directive entered into force in January 2023, and is an attempt to address the shortcomings by updating and expanding both the requirements and scope.

NIS2 introduces new security requirements and supervisory measures, and covers more entities from a wider range of sectors, and their supply chain partners. 

Be prepared – NIS2 introduces stricter penalties and requirements

Failure to comply with NIS2 can result in substantial penalties, underscoring the urgency of the matter, with a careful distinction between essential and important entities. Visit the page here for full details on what the penalties and violations include.

The first NIS Directive required operators of essential services and digital service providers to adopt technical and organisational measures appropriate and proportionate to risk. This means taking into account the security of systems and facilities, incident handling, business continuity management, monitoring, auditing and testing, and compliance with international standards. Unfortunately, this broad range and non-specificity resulted in significant gaps in how Member States laid out and enforced their requirements. 

To strengthen overall cybersecurity throughout the EU, NIS2 now includes a framework for incident reporting requirements, supervisory and enforcement activities (e.g. audits, meaning you need the tools to demonstrate your cyber hygiene and have the ability to know and report incidents) by Member States. It also requires minimum technical, operational and organisational obligations across both organisations and their supply chains, with respect to:

  • The use of multi-factor authentication (MFA) 
  • Cryptography & encryption policies
  • Risk analysis and information security policies
  • Incident handling
  • Business continuity planning
  • Supply chain security
  • Network and information system security
  • Policies and procedures to assess security measures
  • Cyber hygiene practices (e.g. Zero Trust) and cybersecurity training
  • Access control policies

How Yubico helps address authentication challenges to meet the NIS2 Directive

The YubiKey provides the most secure authentication method using the FIDO2 (device-bound passkey) and PIV protocols, and supports legacy MFA protocols to ensure all systems are protected. Many NIS2 essential or important entities rely on legacy production equipment, shared workstations and mobile-restricted environments. 

The YubiKey is the ideal tool for complex critical infrastructure organisations, providing the flexibility to navigate between devices and across hundreds of products, services and applications, including leading identity and access management (IAM) platforms, privileged access management (PAM) solutions and cloud services, with secrets never shared between services, as access rights can be allocated on a domain basis. The YubiKey doesn’t require additional hardware, software, external power, batteries or network connection. Secure authentication is simple: plug the YubiKey into a USB port and touch the button, or tap for NFC. 

Besides helping to address MFA concerns, Yubico also offers the YubiHSM 2 – a purpose-built HSM to enable compliance, store and generate cryptographic keys, safeguard secrets and perform cryptographic operations. YubiHSM satisfies NIS2 encryption requirements for your organisation and supply chain partners, since NIS2 requires supply chain controls and protection of your databases. The world’s smallest Hardware Security Module (HSM), with support for common interfaces such as PKCS11 and Microsoft CNG, the YubiHSM 2 is ideal for the following:   

No matter what stage your organization is in, Yubico is here to help you prepare for the impending NIS2 deadline. For any questions on how to get started implementing YubiKeys today, contact our team.

For more information on the NIS2 Directive and what it means for your organization, visit our initial blog post and new Ebook: Prepare for NIS2 Compliance with the YubiKey.

Talk to our teamTalk to our team

Share this article:


  • CEO Corner: Entering the second half of 2025 with momentumAs we continue to move further into the second half of 2025, I want to share a look back at our journey so far this year and as well as lay out Yubico’s strategic path ahead.  Resurgence in order growth and key segment wins While net sales declined for Q2, the end of the quarter […]Read moreCEOCEO CornerEarningsMattias Danielsson
  • Survey says: Your dog’s name isn’t a passwordWe all know we should be protecting our digital lives, but what are Americans actually doing? Yubico recently commissioned a survey, conducted by Talker Research, which asked 5,000 Americans in 10 major metro cities across the U.S. about their online security habits. Here’s a closer look at what they found (hint: they’re not as secure as they […]Read moreCompany Newssurvey
  • Passkeys are winning, but security leaders must raise the barPasswords are on their way out. In their place is a new form of login called passkeys that promises stronger security and less frustration. All passkeys offer the rare combination of improved usability and stronger security, especially when compared to passwords alone. But unless we act now, millions could be left more vulnerable than ever. […]Read moreDevice-bound passkeysHardware passkeypasskeyssynced passkeys
  • Your top YubiKey questions, answeredOver the 10+ years I’ve been at Yubico, I’ve had the pleasure of meeting customers, partners and many others talking about digital security. While every conversation is different, I am often asked many of the same questions about YubiKeys. One thing remains consistent: many people know they need better security, but they’re not sure what […]Read moreFAQYubiKey