About NIS2Dir.eu
NIS2Dir.eu is an independent, free information guide to the EU NIS2 and CER Directives. This page explains who runs the project and why it exists.
Who Runs This Site?
Henrik Thomsen
IT Operations Manager
Henrik Thomsen is an IT Operations Manager with extensive hands-on experience in cybersecurity, critical infrastructure protection, and regulatory compliance. His daily work spans running security operations, monitoring infrastructure with SIEM tools (Wazuh, Zabbix), building internal PKI systems, and documenting disaster recovery and backup procedures.
Through his work at Yal Labs, Henrik develops AI-native SaaS products including seobot.dk (SEO automation) and ipet.dk, with a focus on LLM integrations, RAG, and MCP. This real-world operational perspective feeds directly into the content on NIS2Dir.eu.
NIS2 and CER are not abstract legal requirements: they translate directly into the security measures that IT teams have to implement and maintain every day. That operational experience is what distinguishes paper compliance from real compliance.
Why Does This Site Exist?
"NIS2 and CER are the most significant EU cybersecurity and resilience legislation ever enacted. Many businesses, especially mid-size enterprises, lack a clear, no-nonsense guide to understanding their obligations. NIS2Dir.eu fills that gap: independent, factual, updated, and free."
β Henrik Thomsen, Operator of NIS2Dir.eu
Many compliance resources online are either too legalistic for IT teams, too shallow for experienced practitioners, or hidden behind consulting sales pitches. NIS2Dir.eu focuses on practical utility: which measures are specifically required, how reporting obligations are structured, and who faces personal liability.
The site is updated as new national implementing laws come into force, as ENISA publishes new technical guidelines, and as early enforcement cases emerge. Information on this site is based on published EU secondary legislation, supplemented by national transposition reports.
What Does the Site Cover?
NIS2 Directive
Complete guide to EU 2022/2555: scope, Article 21 measures, Article 23 incident reporting, fines, and management liability.
CER Directive
Physical resilience requirements under EU 2022/2557 for critical entities in energy, transport, health, and digital infrastructure.
Country Guides
How each EU member state has transposed NIS2: national law names, competent authorities, CSIRT reporting portals, and local additions.
Free Compliance Tools
Interactive tools including a scope checker, Article 21 gap assessment, incident report builder, and NIS2/CER classifier β all browser-based.
Editorial Standards
All information on NIS2Dir.eu is derived directly from the Official Journal of the European Union, ENISA guidelines, and national competent authority publications. We do not summarise third-party summaries. Articles are published with citations to the relevant EUR-Lex documents.
Content is updated when the legal position changes: when new national laws are passed, when ENISA publishes technical specifications, or when enforcement authorities publish interpretive guidance. Each page shows when it was last reviewed.
Primary sources: NIS2 Directive (EU 2022/2555) Β· CER Directive (EU 2022/2557) Β· Implementing Regulation (EU) 2024/2690 Β· ENISA NIS2 Resources
Disclaimer
This site provides general information only and does not constitute legal advice. NIS2Dir.eu is not a law firm and does not provide legal recommendations. The information provided on this site describes EU legislation of a general nature; national implementing laws may differ. For compliance advice tailored to your organisation, consult a qualified attorney or accredited compliance consultant.
Contact
For questions, corrections, or feedback about the site, contact Henrik Thomsen via LinkedIn:
LinkedIn: Henrik Thomsen β