NIS 2 Directive Article 3 – Essential and important entities

• Introduction to the NIS 2 Directive Article 3

• Brief overview of the NIS 2 Directive and its importance in ensuring cybersecurity across essential and important entities.

• Essential Entities under Article 3

• Explanation of the entities considered essential under the Directive, including those exceeding medium-sized enterprise thresholds, trust service providers, and public administration entities.

• Important Entities under Article 3

• Discussion on the entities classified as necessary under the Directive, such as those identified by Member States as significant in specific sectors.

• Listing of Essential and Important Entities

• Overview of the requirement for Member States to list essential and important entities by 17 April 2025 and the process for updating this list at least every two years.

• Obligations for Entities

• Explanation of the obligations for entities to provide their details, sector/subsector information, and service locations to Member States, with a requirement to notify any changes within a specified timeframe.

• Guidelines and Templates

• Information on the guidelines and templates provided by the Commission and ENISA for entity registration and the option for Member States to establish national mechanisms for this purpose.

In conclusion, the NIS 2 Directive Article 3 outlines the criteria for essential entities crucial for the functioning of the digital ecosystem. Member States need to identify and list these entities by April 2025 to ensure their cybersecurity resilience and mitigate potential threats.

By establishing clear guidelines and mechanisms for entity registration, the Directive aims to enhance the European Union's overall cybersecurity posture and promote a safer digital environment for all stakeholders.