{"id":35169,"date":"2026-01-28T14:08:58","date_gmt":"2026-01-28T13:08:58","guid":{"rendered":"https:\/\/www.codemotion.com\/magazine\/?p=35169"},"modified":"2026-01-28T14:09:01","modified_gmt":"2026-01-28T13:09:01","slug":"nis2-what-actually-changes-for-companies-and-tech-teams","status":"publish","type":"post","link":"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/nis2-what-actually-changes-for-companies-and-tech-teams\/","title":{"rendered":"NIS2: what actually changes for companies and tech teams"},"content":{"rendered":"\n

(and why it\u2019s not \u201cjust compliance\u201d)<\/em><\/p>\n\n\n\n

A specter is haunting Europe: NIS2<\/strong>.<\/p>\n\n\n\n

No, it won\u2019t be used by anyone to found a new economic order\u2014but we should still brace ourselves. If you work in IT\u2014developer, sysadmin, cloud architect, DevOps, or product lead\u2014you\u2019ve almost certainly heard this sentence at least once in the past few months:<\/p>\n\n\n\n

\n

\u201cWe need to comply with NIS2.\u201d<\/p>\n<\/blockquote>\n\n\n\n

And right on cue, a reflex kicks in:<\/p>\n\n\n\n

\u201cCool. Another regulation. Another thing to sign. Another table to fill in. Another Excel file that will quietly die in SharePoint.\u201d<\/p>\n\n\n\n

Except\u2026 this time, that mental model doesn\u2019t really work.<\/p>\n\n\n\n

Because NIS2 isn\u2019t a bureaucratic checklist you tick once and forget. It\u2019s a shift in mindset<\/strong>. It drags cybersecurity out of the \u201ctechnical topic\u201d drawer and drops it squarely into day-to-day operations: resilience, continuity, and risk management.<\/p>\n\n\n\n

In short: it doesn\u2019t just ask you to be<\/em> secure.
It asks you to prove<\/strong> you are, to know what to do when things go wrong, and to manage risk well beyond the comforting boundaries of your own datacenter or cloud account.<\/p>\n\n\n\n

Because today, the most dangerous attack rarely comes from the most obvious hole. It usually shows up via an integration, a dependency, a supplier, a SaaS tool\u2014or that extremely efficient colleague who, \u201cjust to speed things up,\u201d fed your entire company data lake to the latest LLM.<\/p>\n\n\n\n

In this article we\u2019ll look at what NIS2 actually is, who it affects, what really changes compared to the past, and\u2014most importantly\u2014what it means in practice<\/em> for tech teams, without turning it into a meeting with a legal wizard.<\/p>\n\n\n\n

\n\n\n\n

Why Europe felt the need for NIS2<\/h2>\n\n\n\n

It\u2019s tempting to describe NIS2 as \u201cNIS1, but better,\u201d but that undersells it.<\/p>\n\n\n\n

NIS2 exists because it became painfully obvious that many organizations\u2014even critical ones\u2014have handled security in a fragmented way: some tools here, some processes there, a few well-run projects and a few abandoned halfway. The end result is often security that\u2019s neither measurable nor stable\u2014and eventually, a headline.<\/p>\n\n\n\n

The problem isn\u2019t just that attacks are increasing. It\u2019s that entry points are multiplying<\/strong>. You can have a well-managed internal infrastructure and still get burned because a supplier, a SaaS service, or a software dependency introduced a risk you never really accounted for.<\/p>\n\n\n\n

Security, in other words, no longer lives only inside your house<\/strong>.<\/p>\n\n\n\n

This is where NIS2 raises the bar. It doesn\u2019t just ask you to protect a perimeter. It asks you to think about how your organization manages risk across the entire ecosystem it depends on\u2014which, for any digital business, is pretty much everything.<\/p>\n\n\n\n

\n\n\n\n

\u201cDoes this apply to us?\u201d<\/h2>\n\n\n\n

The question everyone asks<\/p>\n\n\n\n

One thing you see all the time: companies start the NIS2 conversation by looking for a binary answer\u2014are we in or out?<\/em><\/p>\n\n\n\n

Fair question. Nobody wants to spend months on something that \u201ctechnically doesn\u2019t apply.\u201d<\/p>\n\n\n\n

But the real answer isn\u2019t that clean.<\/p>\n\n\n\n

Because NIS2 doesn\u2019t just have direct effects. It creates ripple effects<\/strong>. If a company falls under NIS2, it will start demanding higher standards and guarantees from its suppliers. And that process isn\u2019t optional\u2014it\u2019s inevitable.<\/p>\n\n\n\n

So even if you\u2019re not formally in scope, you might still be involved because you work for<\/em> someone who is. Or because you run a critical part of their operations. Or because you provide digital services: hosting, development, support, infrastructure, monitoring.<\/p>\n\n\n\n

In short: if you help keep services, data, and processes alive, then\u2014poetically speaking\u2014it\u2019s probably not a great idea to ask for whom the bell tolls<\/em>.<\/p>\n\n\n\n

\n\n\n\n

What really changes: not the theory, the substance<\/h2>\n\n\n\n

The biggest practical difference compared to how many organizations handled security until yesterday is simple:<\/p>\n\n\n\n

It\u2019s no longer enough to say \u201cwe\u2019ve done security.\u201d<\/em>
You have to show that security is managed as a system<\/strong>.<\/p>\n\n\n\n

That leads to some very concrete consequences.<\/p>\n\n\n\n

1. Security becomes transversal<\/h3>\n\n\n\n

Security stops being \u201cthe security team\u2019s project\u201d or \u201can IT thing.\u201d It becomes part of governance<\/strong>.<\/p>\n\n\n\n

That means management can\u2019t stay on the sidelines anymore. And in many companies, this alone changes the dynamic completely. Security becomes a decision-making topic: budget, priorities, accountability, acceptable risk.<\/p>\n\n\n\n

2. Incidents stop being hypothetical<\/h3>\n\n\n\n

NIS2 doesn\u2019t say \u201cyou must never have incidents.\u201d It says you must know what to do when<\/strong> one happens.<\/p>\n\n\n\n

Because what often kills a company isn\u2019t the attack itself\u2014it\u2019s the chaos around it. Hours wasted figuring out who decides what. Conflicting messages. Systems shut down at random. Premature restarts. Vendors called when it\u2019s already too late. Meanwhile, the service is still down.<\/p>\n\n\n\n

3. The supply chain becomes unavoidable<\/h3>\n\n\n\n

This is the heavy one.<\/p>\n\n\n\n

In a hyper-connected world, \u201chow secure is our supplier?\u201d becomes an operational<\/strong> question, not a procurement checkbox. If a third party has privileged access to your environment or runs a critical part of your workflow, then their<\/em> risk is your<\/em> risk.<\/p>\n\n\n\n

\n\n\n\n

The most misunderstood part: \u201crisk management\u201d is not a document<\/h2>\n\n\n\n

Risk management is one of those terms that gets repeated so often it risks becoming meaningless. Many people immediately picture a spreadsheet with probability and impact scores from 1 to 5, colored from green to red.<\/p>\n\n\n\n

But for a tech team, risk management is far more concrete. It\u2019s about being able to answer questions we usually ignore\u2014until someone forces us to.<\/p>\n\n\n\n

Do we actually know what assets we have?
What\u2019s in production? What\u2019s been \u201ctemporarily in use\u201d for six months? What was created by a team that no longer exists but still works so nobody touched it?<\/p>\n\n\n\n

Do we know how many credentials exist\u2014and where they ended up?
Do we know which accounts have way more privileges than they should?<\/p>\n\n\n\n

Is patching under control, or does it depend on whichever hero remembers to update things once in a while?
Backups exist\u2014but have we ever actually restored them, or do we just trust the fact that \u201cthe job is green\u201d?<\/p>\n\n\n\n

When a system goes down, can we recover in reasonable time, or does recovery feel like a traumatic event?<\/p>\n\n\n\n

Simple questions. Massive difference between declared security<\/strong> and real security<\/strong>.<\/p>\n\n\n\n

\n\n\n\n

Incident reporting: stressful, uncomfortable, necessary<\/h2>\n\n\n\n

Among all NIS2 requirements, incident handling and reporting is usually the one that creates the most anxiety.<\/p>\n\n\n\n

That\u2019s normal. It hits a sensitive nerve: admitting something happened, documenting it, communicating it. Nobody enjoys saying \u201cwe weren\u2019t ready.\u201d<\/p>\n\n\n\n

But here\u2019s the truth: most companies aren\u2019t unprepared because they\u2019re incompetent. They\u2019re unprepared because they never structured a response. And without structure, an incident turns into chaos.<\/p>\n\n\n\n

This isn\u2019t an \u201centerprise-only\u201d exercise. It\u2019s just the grown-up version of something we all already do: reacting when things break\u2014only with more clarity.<\/p>\n\n\n\n

Who decides this is an incident and not \u201cjust a glitch\u201d?
Who authorizes drastic actions?
Who talks to vendors?
Who checks whether data is involved?
Who handles internal communication?
Who collects evidence while everyone else is trying to bring systems back online?<\/p>\n\n\n\n

If you\u2019ve never defined these things before, you won\u2019t magically do it well at the worst possible moment.<\/p>\n\n\n\n

\n\n\n\n

The supply chain: where games are won (or lost)<\/h2>\n\n\n\n

You\u2019ll often hear: \u201cWe\u2019re secure.\u201d<\/p>\n\n\n\n

And maybe you are\u2014inside your perimeter.<\/p>\n\n\n\n

But if you use external services (and everyone does), security is no longer an internal property. It\u2019s an ecosystem<\/strong>.<\/p>\n\n\n\n

The problem isn\u2019t that suppliers are evil. It\u2019s that they\u2019re different. Some are mature. Some are fragile. Some are excellent but terrible at communication. Others communicate beautifully and have weak practices.<\/p>\n\n\n\n

NIS2 makes this unavoidable: you\u2019ll need to identify which third parties are truly critical and what level of access they have. Because if an external service has elevated privileges in your environment, you can\u2019t treat it as a footnote.<\/p>\n\n\n\n

For many organizations, this will be the hardest part\u2014not because it\u2019s technically complex, but because it\u2019s culturally uncomfortable. It means adding rules where there used to be implicit trust. Asking for evidence where \u201cdon\u2019t worry, we\u2019re certified\u201d used to be enough. Governing risk that, until yesterday, was simply invisible.<\/p>\n\n\n\n

\n\n\n\n

NIS2 and tech teams: not a brake, a level-up<\/h2>\n\n\n\n

If you work in DevOps or Cloud, your first reaction might be: \u201cGreat, more rules, more constraints.\u201d<\/p>\n\n\n\n

But there\u2019s another way to look at it.<\/p>\n\n\n\n

Many things NIS2 pushes for are the same things that make your life less miserable<\/em> in production. Because good security isn\u2019t bureaucracy\u2014it\u2019s engineering quality<\/strong>.<\/p>\n\n\n\n

Better observability means better troubleshooting.
Better credential management means fewer dumb incidents.
Automated hardening means more consistent environments.
Clear release and patching processes mean fewer \u201cdeploys of terror.\u201d<\/p>\n\n\n\n

NIS2 can be seen as a political push to bring organizations to a more mature operating model\u2014to stop improvising and start building systems that actually hold.<\/p>\n\n\n\n

\n\n\n\n

Where to start (without turning it into an endless initiative)<\/h2>\n\n\n\n

When something like NIS2 hits the table, the instinct is to launch a massive project: committees, roadmaps, endless deliverables. Ironically, that\u2019s often the fastest way to kill it.<\/p>\n\n\n\n

The goal isn\u2019t to do everything at once.
The goal is to move the organization in a coherent direction<\/strong>.<\/p>\n\n\n\n

In many cases, it makes sense to start with two or three brutally concrete things that have outsized impact\u2014and quickly reveal where the real problems are. For example: how privileged access is managed, whether backups are actually restorable, whether an incident plan exists beyond \u201ccall Marco, he knows.\u201d<\/p>\n\n\n\n

Once that\u2019s done, everything else becomes progression. Because maturity doesn\u2019t come from documents. It comes from habits, routines, automation, and repeated decisions over time.<\/p>\n\n\n\n

\n\n\n\n

Conclusion: NIS2 doesn\u2019t ask you to be perfect\u2014it asks you to be ready<\/h2>\n\n\n\n

Let\u2019s clear up a common misunderstanding: NIS2 doesn\u2019t demand zero incidents. It demands that you can face them without collapsing<\/strong>.<\/p>\n\n\n\n

And, just for fun, it also introduces the joy of audits for organizations that provide critical services\u2014an experience from which few emerge psychologically unscathed.<\/p>\n\n\n\n

Being prepared makes a massive difference.<\/p>\n\n\n\n

Being ready means knowing your likely risks, your weak points, who has access to what, and how to respond when something happens. It means not discovering during an emergency that \u201cthe backup was on the server that just got encrypted too.\u201d It means not spending hours deciding who gets to decide.<\/p>\n\n\n\n

In the end, the real promise of NIS2 isn\u2019t \u201cmore compliance.\u201d
It\u2019s something far more useful: organizations that stay on their feet when things go wrong<\/strong>.<\/p>\n\n\n\n

And in 2026, for anyone working in tech, that\u2019s the difference between a bad day\u2014and a disaster.<\/p>\n","protected":false},"excerpt":{"rendered":"

(and why it\u2019s not \u201cjust compliance\u201d) A specter is haunting Europe: NIS2. No, it won\u2019t be used by anyone to found a new economic order\u2014but we should still brace ourselves. If you work in IT\u2014developer, sysadmin, cloud architect, DevOps, or product lead\u2014you\u2019ve almost certainly heard this sentence at least once in the past few months:… Read more<\/a><\/p>\n","protected":false},"author":238,"featured_media":35135,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_editorskit_title_hidden":false,"_editorskit_reading_time":0,"_editorskit_is_block_options_detached":false,"_editorskit_block_options_position":"{}","_uag_custom_page_level_css":"","_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[4329],"tags":[13814,13812,12152],"collections":[],"class_list":{"0":"post-35169","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cybersecurity","8":"tag-compliance","9":"tag-nis2","10":"tag-security-2","11":"entry"},"yoast_head":"\nNIS2: More Than Just Compliance<\/title>\n<meta name=\"description\" content=\"Let\u2019s clear up a common misunderstanding: NIS2 doesn\u2019t demand zero incidents. It demands that you can face them without collapsing. Read more!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/nis2-what-actually-changes-for-companies-and-tech-teams\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"NIS2: what actually changes for companies and tech teams\" \/>\n<meta property=\"og:description\" content=\"Let\u2019s clear up a common misunderstanding: NIS2 doesn\u2019t demand zero incidents. It demands that you can face them without collapsing. Read more!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/nis2-what-actually-changes-for-companies-and-tech-teams\/\" \/>\n<meta property=\"og:site_name\" content=\"Codemotion Magazine\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Codemotion.Italy\/\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-28T13:08:58+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-01-28T13:09:01+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2026\/01\/circolo.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"533\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Arnaldo Morena\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@CodemotionIT\" \/>\n<meta name=\"twitter:site\" content=\"@CodemotionIT\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Arnaldo Morena\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/nis2-what-actually-changes-for-companies-and-tech-teams\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/nis2-what-actually-changes-for-companies-and-tech-teams\/\"},\"author\":{\"name\":\"Arnaldo Morena\",\"@id\":\"https:\/\/www.codemotion.com\/magazine\/#\/schema\/person\/72209dcaf2205f28968d38489892bd17\"},\"headline\":\"NIS2: what actually changes for companies and tech teams\",\"datePublished\":\"2026-01-28T13:08:58+00:00\",\"dateModified\":\"2026-01-28T13:09:01+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/nis2-what-actually-changes-for-companies-and-tech-teams\/\"},\"wordCount\":1798,\"publisher\":{\"@id\":\"https:\/\/www.codemotion.com\/magazine\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/nis2-what-actually-changes-for-companies-and-tech-teams\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2026\/01\/circolo.jpg\",\"keywords\":[\"compliance\",\"NIS2\",\"security\"],\"articleSection\":[\"Cybersecurity\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/nis2-what-actually-changes-for-companies-and-tech-teams\/\",\"url\":\"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/nis2-what-actually-changes-for-companies-and-tech-teams\/\",\"name\":\"NIS2: More Than Just Compliance\",\"isPartOf\":{\"@id\":\"https:\/\/www.codemotion.com\/magazine\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/nis2-what-actually-changes-for-companies-and-tech-teams\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/nis2-what-actually-changes-for-companies-and-tech-teams\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2026\/01\/circolo.jpg\",\"datePublished\":\"2026-01-28T13:08:58+00:00\",\"dateModified\":\"2026-01-28T13:09:01+00:00\",\"description\":\"Let\u2019s clear up a common misunderstanding: NIS2 doesn\u2019t demand zero incidents. It demands that you can face them without collapsing. Read more!\",\"breadcrumb\":{\"@id\":\"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/nis2-what-actually-changes-for-companies-and-tech-teams\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/nis2-what-actually-changes-for-companies-and-tech-teams\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/nis2-what-actually-changes-for-companies-and-tech-teams\/#primaryimage\",\"url\":\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2026\/01\/circolo.jpg\",\"contentUrl\":\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2026\/01\/circolo.jpg\",\"width\":800,\"height\":533,\"caption\":\"NIS2\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/nis2-what-actually-changes-for-companies-and-tech-teams\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.codemotion.com\/magazine\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity\",\"item\":\"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"NIS2: what actually changes for companies and tech teams\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.codemotion.com\/magazine\/#website\",\"url\":\"https:\/\/www.codemotion.com\/magazine\/\",\"name\":\"Codemotion Magazine\",\"description\":\"We code the future. Together\",\"publisher\":{\"@id\":\"https:\/\/www.codemotion.com\/magazine\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.codemotion.com\/magazine\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.codemotion.com\/magazine\/#organization\",\"name\":\"Codemotion\",\"url\":\"https:\/\/www.codemotion.com\/magazine\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.codemotion.com\/magazine\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/11\/codemotionlogo.png\",\"contentUrl\":\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/11\/codemotionlogo.png\",\"width\":225,\"height\":225,\"caption\":\"Codemotion\"},\"image\":{\"@id\":\"https:\/\/www.codemotion.com\/magazine\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Codemotion.Italy\/\",\"https:\/\/x.com\/CodemotionIT\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.codemotion.com\/magazine\/#\/schema\/person\/72209dcaf2205f28968d38489892bd17\",\"name\":\"Arnaldo Morena\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.codemotion.com\/magazine\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2024\/01\/whatsapp-image-100x100.jpg\",\"contentUrl\":\"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2024\/01\/whatsapp-image-100x100.jpg\",\"caption\":\"Arnaldo Morena\"},\"description\":\"First steps i moved into computers world were my beloved basic programs I wrote on a Zx Spectrum in early 80s. In 90s , while i was studing economic , i was often asked to help people on using personal computer for every day business : It's been a one way ticket. First and lasting love was for managing data , so i have started using msaccess and SqlServer to build databases , elaborate information and reports using tons and tons of Visual Basic code . My web career started developing in Asp and Asp.net , then I began to use php . I like to have an administrative approach ,too .In fact i have earned many certifications on database administration . Mixing up this two factors i developed many programs for data collecting and analyzing, being involved on publishing reports and articles based on elaborated information , in scenarios as Public Administration training , collaboration project between universities all over the world or survey on genetic structure and their relative kind of analysis. Actually i am involved in collecting data by using automated sensor IoT, that lead me on joining Arduino community in Rome, and integrating my application with more instruments , working in fields like Open and Big data , and using data mining software .\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/arnymore\/\"],\"url\":\"https:\/\/www.codemotion.com\/magazine\/author\/arnaldo-morena\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"NIS2: More Than Just Compliance","description":"Let\u2019s clear up a common misunderstanding: NIS2 doesn\u2019t demand zero incidents. It demands that you can face them without collapsing. Read more!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/nis2-what-actually-changes-for-companies-and-tech-teams\/","og_locale":"en_US","og_type":"article","og_title":"NIS2: what actually changes for companies and tech teams","og_description":"Let\u2019s clear up a common misunderstanding: NIS2 doesn\u2019t demand zero incidents. It demands that you can face them without collapsing. Read more!","og_url":"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/nis2-what-actually-changes-for-companies-and-tech-teams\/","og_site_name":"Codemotion Magazine","article_publisher":"https:\/\/www.facebook.com\/Codemotion.Italy\/","article_published_time":"2026-01-28T13:08:58+00:00","article_modified_time":"2026-01-28T13:09:01+00:00","og_image":[{"width":800,"height":533,"url":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2026\/01\/circolo.jpg","type":"image\/jpeg"}],"author":"Arnaldo Morena","twitter_card":"summary_large_image","twitter_creator":"@CodemotionIT","twitter_site":"@CodemotionIT","twitter_misc":{"Written by":"Arnaldo Morena","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/nis2-what-actually-changes-for-companies-and-tech-teams\/#article","isPartOf":{"@id":"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/nis2-what-actually-changes-for-companies-and-tech-teams\/"},"author":{"name":"Arnaldo Morena","@id":"https:\/\/www.codemotion.com\/magazine\/#\/schema\/person\/72209dcaf2205f28968d38489892bd17"},"headline":"NIS2: what actually changes for companies and tech teams","datePublished":"2026-01-28T13:08:58+00:00","dateModified":"2026-01-28T13:09:01+00:00","mainEntityOfPage":{"@id":"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/nis2-what-actually-changes-for-companies-and-tech-teams\/"},"wordCount":1798,"publisher":{"@id":"https:\/\/www.codemotion.com\/magazine\/#organization"},"image":{"@id":"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/nis2-what-actually-changes-for-companies-and-tech-teams\/#primaryimage"},"thumbnailUrl":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2026\/01\/circolo.jpg","keywords":["compliance","NIS2","security"],"articleSection":["Cybersecurity"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/nis2-what-actually-changes-for-companies-and-tech-teams\/","url":"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/nis2-what-actually-changes-for-companies-and-tech-teams\/","name":"NIS2: More Than Just Compliance","isPartOf":{"@id":"https:\/\/www.codemotion.com\/magazine\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/nis2-what-actually-changes-for-companies-and-tech-teams\/#primaryimage"},"image":{"@id":"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/nis2-what-actually-changes-for-companies-and-tech-teams\/#primaryimage"},"thumbnailUrl":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2026\/01\/circolo.jpg","datePublished":"2026-01-28T13:08:58+00:00","dateModified":"2026-01-28T13:09:01+00:00","description":"Let\u2019s clear up a common misunderstanding: NIS2 doesn\u2019t demand zero incidents. It demands that you can face them without collapsing. Read more!","breadcrumb":{"@id":"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/nis2-what-actually-changes-for-companies-and-tech-teams\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.codemotion.com\/magazine\/cybersecurity\/nis2-what-actually-changes-for-companies-and-tech-teams\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/nis2-what-actually-changes-for-companies-and-tech-teams\/#primaryimage","url":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2026\/01\/circolo.jpg","contentUrl":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2026\/01\/circolo.jpg","width":800,"height":533,"caption":"NIS2"},{"@type":"BreadcrumbList","@id":"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/nis2-what-actually-changes-for-companies-and-tech-teams\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.codemotion.com\/magazine\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity","item":"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/"},{"@type":"ListItem","position":3,"name":"NIS2: what actually changes for companies and tech teams"}]},{"@type":"WebSite","@id":"https:\/\/www.codemotion.com\/magazine\/#website","url":"https:\/\/www.codemotion.com\/magazine\/","name":"Codemotion Magazine","description":"We code the future. Together","publisher":{"@id":"https:\/\/www.codemotion.com\/magazine\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.codemotion.com\/magazine\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.codemotion.com\/magazine\/#organization","name":"Codemotion","url":"https:\/\/www.codemotion.com\/magazine\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.codemotion.com\/magazine\/#\/schema\/logo\/image\/","url":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/11\/codemotionlogo.png","contentUrl":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2019\/11\/codemotionlogo.png","width":225,"height":225,"caption":"Codemotion"},"image":{"@id":"https:\/\/www.codemotion.com\/magazine\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Codemotion.Italy\/","https:\/\/x.com\/CodemotionIT"]},{"@type":"Person","@id":"https:\/\/www.codemotion.com\/magazine\/#\/schema\/person\/72209dcaf2205f28968d38489892bd17","name":"Arnaldo Morena","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.codemotion.com\/magazine\/#\/schema\/person\/image\/","url":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2024\/01\/whatsapp-image-100x100.jpg","contentUrl":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2024\/01\/whatsapp-image-100x100.jpg","caption":"Arnaldo Morena"},"description":"First steps i moved into computers world were my beloved basic programs I wrote on a Zx Spectrum in early 80s. In 90s , while i was studing economic , i was often asked to help people on using personal computer for every day business : It's been a one way ticket. First and lasting love was for managing data , so i have started using msaccess and SqlServer to build databases , elaborate information and reports using tons and tons of Visual Basic code . My web career started developing in Asp and Asp.net , then I began to use php . I like to have an administrative approach ,too .In fact i have earned many certifications on database administration . Mixing up this two factors i developed many programs for data collecting and analyzing, being involved on publishing reports and articles based on elaborated information , in scenarios as Public Administration training , collaboration project between universities all over the world or survey on genetic structure and their relative kind of analysis. Actually i am involved in collecting data by using automated sensor IoT, that lead me on joining Arduino community in Rome, and integrating my application with more instruments , working in fields like Open and Big data , and using data mining software .","sameAs":["https:\/\/www.linkedin.com\/in\/arnymore\/"],"url":"https:\/\/www.codemotion.com\/magazine\/author\/arnaldo-morena\/"}]}},"featured_image_src":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2026\/01\/circolo-600x400.jpg","featured_image_src_square":"https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2026\/01\/circolo-600x533.jpg","author_info":{"display_name":"Arnaldo Morena","author_link":"https:\/\/www.codemotion.com\/magazine\/author\/arnaldo-morena\/"},"uagb_featured_image_src":{"full":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2026\/01\/circolo.jpg",800,533,false],"thumbnail":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2026\/01\/circolo-150x150.jpg",150,150,true],"medium":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2026\/01\/circolo-300x200.jpg",300,200,true],"medium_large":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2026\/01\/circolo-768x512.jpg",768,512,true],"large":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2026\/01\/circolo.jpg",800,533,false],"1536x1536":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2026\/01\/circolo.jpg",800,533,false],"2048x2048":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2026\/01\/circolo.jpg",800,533,false],"small-home-featured":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2026\/01\/circolo-100x100.jpg",100,100,true],"sidebar-featured":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2026\/01\/circolo-180x128.jpg",180,128,true],"genesis-singular-images":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2026\/01\/circolo-800x504.jpg",800,504,true],"archive-featured":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2026\/01\/circolo-400x225.jpg",400,225,true],"gb-block-post-grid-landscape":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2026\/01\/circolo-600x400.jpg",600,400,true],"gb-block-post-grid-square":["https:\/\/www.codemotion.com\/magazine\/wp-content\/uploads\/2026\/01\/circolo-600x533.jpg",600,533,true]},"uagb_author_info":{"display_name":"Arnaldo Morena","author_link":"https:\/\/www.codemotion.com\/magazine\/author\/arnaldo-morena\/"},"uagb_comment_info":0,"uagb_excerpt":"(and why it\u2019s not \u201cjust compliance\u201d) A specter is haunting Europe: NIS2. No, it won\u2019t be used by anyone to found a new economic order\u2014but we should still brace ourselves. If you work in IT\u2014developer, sysadmin, cloud architect, DevOps, or product lead\u2014you\u2019ve almost certainly heard this sentence at least once in the past few months:……","lang":"en","_links":{"self":[{"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/posts\/35169","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/users\/238"}],"replies":[{"embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/comments?post=35169"}],"version-history":[{"count":1,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/posts\/35169\/revisions"}],"predecessor-version":[{"id":35171,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/posts\/35169\/revisions\/35171"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/media\/35135"}],"wp:attachment":[{"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/media?parent=35169"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/categories?post=35169"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/tags?post=35169"},{"taxonomy":"collections","embeddable":true,"href":"https:\/\/www.codemotion.com\/magazine\/wp-json\/wp\/v2\/collections?post=35169"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}