NIS2-directive at DTU
The NIS2-directive has been issued by the EU and has been implemented with the Danish NIS2 law adopted by the Danish Parlament on April 29, 2025. The law comes into force on July 1, 2025, and the covered entities must register by October 1.
A series of cross-cutting guidelines will be continuously developed to concretize key themes in the NIS2 law. The Ministry of Defence and Emergency Management is responsible for coordinating the implementation of the NIS2 directive in Denmark. Read more about NIS2 here (in Danish).
A series of cross-cutting guidelines will be continuously developed to concretize key themes in the NIS2 law. The Ministry of Defence and Emergency Management is responsible for coordinating the implementation of the NIS2 directive in Denmark. Read more about NIS2 here (in Danish).
The purpose of the NIS2 Directive is to ensure a high level of cybersecurity and resilience against cyber threats in the EU.
Both private and public organizations that are critical to the economy and society will be subject to the NIS2 Directive (in Danish). The Directive contains a list of:
- Sectors of particular critical importance (Annex 1, in Danish)
- Other critical sectors (Annex 2, in Danish)
The directive does not define exactly what 'critical' means but covers organizations and companies where disruptions or breakdowns of services can have serious societal impact. For example, sectors such as energy, transport and health.
The Cyber and Information Security Section (CIS) is responsible for monitoring the development of legislation and initiating specific initiatives at DTU in close collaboration with management and other stakeholders.