News 13/2/2025
This article will guide you on how to prepare your organization for the NIS2 directive.
On February 6th, the Portuguese Council of Ministers approved the draft law for the new cybersecurity framework, known as NIS2. This EU directive aims to strengthen Member States’ public cybersecurity policies. by:
This is a period of significant uncertainty for businesses in Portugal and across the EU. Companies must quickly and precisely comply with new requirements to avoid falling behind or facing penalties.
It is therefore essential to clearly define what NIS2 entails, its scope of application, its key obligations, and the consequences of non-compliance.
Compared to the original NIS Directive adopted in 2016, NIS2 broadens its scope to cover a greater number of organisations.
Under the new framework, entities are required to comply with cybersecurity regulations, particularly if they operate in sectors deemed critical to society and the economy.
Organisations subject to NIS2 are divided into two categories:
Essential Sectors, industries where disruption could have severe consequences for public safety and societal stability, including:
Important Sectors, that while not as critical as the Essential Sectors, these industries are still vital for economic stability and digital security:
Your organisation falls under the scope of NIS2 if:
This strict regulatory approach ensures that entities with the highest impact on digital security and essential services in Portugal comply with cybersecurity requirements.
If your organisation falls under NIS2, it must report significant cybersecurity incidents to the National Cybersecurity Centre (CNCS) in stages:
However, compliance with NIS2 goes beyond incident reporting. Organisations must also implement robust technical, organisational, and operational measures to meet the highest cybersecurity standards.
This means:
The new cybersecurity framework introduces stricter penalties than its predecessor. These include:
With this new regulatory framework, authorities in EU Member States can impose public disclosures of non-compliance, issue official statements naming responsible individuals, and even temporarily ban executives from holding management positions in cases of repeated violations.
NIS2 compliance is not just a legal requirement – it’s an opportunity to enhance your organisation’s cybersecurity.
At Timestamp, we bring over 20 years of cybersecurity expertise, a team of 50+ senior specialists, and top-tier technology partnerships to ensure a secure and seamless digital transformation.
Our proven methodology integrates NIS2 requirements with best industry practices, guaranteeing a smooth and comprehensive transition to the new cybersecurity paradigm.
Learn how Timestamp can support your organisation: https://www.timestampgroup.com/en/offer/privacy-and-digital-security-en
Share this post
News | 18/8/2025
Timestamp Successfully Implements Oracle EPM Cloud Solution at Bluepharma Group
Timestamp successfully implements Oracle EPM Cloud at Bluepharma, optimising financial consolidation and strengthening its digital transformation with a scalable, secure solution.
News | 29/7/2025
Timestamp highlights Human Experience and BTP at AUSAPE 2025
At AUSAPE 2025, José Miguel Magdaleno shared Timestamp’s vision for SAP BTP and human-centred innovation
News | 29/7/2025
Timestamp consolidates its commitment to generative AI at the Agentforce World Tour Lisbon
Timestamp is participating as a sponsor at the Agentforce World Tour Lisbon 2025, Salesforce’s global event focused on generative AI and intelligent agents for businesses.