The NIS2 Directive (Directive 2022/2555) requires essential and important entities to implement cybersecurity risk management measures that extend to AI systems, including supply chain security, incident reporting within 24 hours, and management body accountability for cybersecurity governance.
NIS2 Directive and AI Security: Cybersecurity Obligations for AI Systems
NIS2 and AI Security: Overlapping Obligations
The NIS2 Directive (Directive 2022/2555), applicable from 18 October 2024 with Member State transposition required by 17 October 2024, significantly expands the scope of EU cybersecurity regulation. For organisations deploying AI systems, NIS2 creates obligations that intersect with the EU AI Act's cybersecurity requirements under Article 15, creating a dual compliance requirement that demands coordinated security governance.
NIS2 applies to essential entities (energy, transport, banking, health, digital infrastructure, public administration, space) and important entities (postal services, waste management, chemicals, food, manufacturing, digital providers, research). Any AI system operated by or supplied to these entities falls within scope.
NIS2 Cybersecurity Measures for AI Systems
Article 21 of NIS2 mandates that entities implement appropriate and proportionate technical, operational, and organisational measures to manage cybersecurity risks. For AI systems, these measures must address:
| NIS2 Article 21 Requirement | AI-Specific Implementation |
|---|---|
| (a) Policies on risk analysis and information system security | AI-specific threat modeling covering adversarial attacks, model poisoning, data exfiltration |
| (b) Incident handling | AI incident response procedures for model failures, adversarial attacks, data breaches affecting training data |
| (c) Business continuity and crisis management | Fallback procedures when AI systems fail, including manual override capabilities |
| (d) Supply chain security | Security assessment of AI model providers, training data suppliers, cloud infrastructure vendors |
| (e) Security in network and information system acquisition | Security requirements in AI procurement contracts, including model provenance verification |
| (f) Vulnerability handling and disclosure | AI vulnerability management covering model vulnerabilities, prompt injection, adversarial examples |
Incident Reporting for AI Security Events
NIS2 Article 23 imposes a multi-stage incident reporting regime. Entities must submit an early warning to the national CSIRT within 24 hours of becoming aware of a significant incident, followed by an incident notification within 72 hours, and a final report within one month. For AI systems, determining when a security incident has occurred can be challenging: a gradual model degradation caused by data poisoning may not trigger traditional security alerts.
Organisations should define clear criteria for what constitutes an AI-related security incident, including adversarial attacks that alter model outputs, unauthorised access to training data, model exfiltration, and integrity failures in inference pipelines.
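The detection gap described above, where a gradual output shift caused by data poisoning produces no conventional alert, is easiest to close by writing the incident criteria down as code and attaching the Article 23 clock to them. The following is an added example, not code from the original article or from any regulator: it scores recent prediction frequencies against a validation-time baseline with a population stability index, combines that with the other criteria the text lists (unauthorised training-data access, model exfiltration, inference integrity failure), and computes the 24-hour, 72-hour and one-month deadlines from the moment of awareness. The baseline counts, the recent prediction window and the 0.10 drift threshold are all constructed values for illustration.

```python
from __future__ import annotations

import calendar
import math
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed baseline: class frequencies recorded when the model was validated.
BASELINE_CLASS_COUNTS = {"approve": 700, "review": 250, "reject": 50}

# Constructed recent window: the "approve" share has crept upward, the kind of
# slow shift a poisoned retraining set can cause without tripping any IT alert.
RECENT_PREDICTIONS = ["approve"] * 880 + ["review"] * 100 + ["reject"] * 20

DRIFT_THRESHOLD = 0.10  # hypothetical PSI threshold at which drift is escalated


def population_stability_index(baseline: dict, recent: dict) -> float:
    """PSI between two class-frequency distributions (0 = identical)."""
    eps = 1e-6  # keeps log() finite when a class is absent on one side
    b_total = sum(baseline.values())
    r_total = sum(recent.values())
    psi = 0.0
    for cls in set(baseline) | set(recent):
        b = baseline.get(cls, 0) / b_total + eps
        r = recent.get(cls, 0) / r_total + eps
        psi += (r - b) * math.log(r / b)
    return psi


@dataclass
class Signals:
    """Monitoring signals an AI incident criteria check consumes."""
    recent_predictions: list
    unauthorised_training_data_access: bool = False
    model_artifact_exfil_suspected: bool = False
    inference_integrity_check_failed: bool = False


def classify_ai_incident(signals: Signals) -> list[str]:
    """Return the triggered AI incident criteria; an empty list means no incident."""
    triggered = []
    psi = population_stability_index(BASELINE_CLASS_COUNTS, Counter(signals.recent_predictions))
    if psi > DRIFT_THRESHOLD:
        triggered.append(f"output_drift(psi={psi:.3f})")
    if signals.unauthorised_training_data_access:
        triggered.append("unauthorised_training_data_access")
    if signals.model_artifact_exfil_suspected:
        triggered.append("model_exfiltration")
    if signals.inference_integrity_check_failed:
        triggered.append("inference_pipeline_integrity_failure")
    return triggered


def _add_one_month(d: datetime) -> datetime:
    """Same day next month, clamped to that month's last day."""
    year, month = (d.year + 1, 1) if d.month == 12 else (d.year, d.month + 1)
    day = min(d.day, calendar.monthrange(year, month)[1])
    return d.replace(year=year, month=month, day=day)


def nis2_reporting_deadlines(aware_at: datetime) -> dict[str, datetime]:
    """Article 23 stages, all counted from when the entity became aware."""
    return {
        "early_warning": aware_at + timedelta(hours=24),
        "incident_notification": aware_at + timedelta(hours=72),
        "final_report": _add_one_month(aware_at),
    }


if __name__ == "__main__":
    criteria = classify_ai_incident(Signals(RECENT_PREDICTIONS))
    print("triggered:", criteria)
    if criteria:
        for stage, due in nis2_reporting_deadlines(datetime(2025, 1, 31, 9, 0)).items():
            print(f"{stage}: {due.isoformat()}")
```

The drift check runs on prediction logs the entity already keeps, so it needs no access to the model internals; the awareness timestamp should be the time the criteria first fired, since that is what the 24-hour early-warning clock is measured from.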
Supply Chain Security for AI
Article 21(2)(d) specifically addresses supply chain security, requiring entities to assess the security practices of their direct suppliers and service providers. For AI deployments, this means evaluating the security of foundation model providers, training data vendors, annotation services, MLOps platforms, and inference infrastructure providers.
Practical supply chain security measures include requiring SOC 2 Type II or ISO 27001 certification from AI vendors, contractual security requirements including vulnerability disclosure timelines, and periodic security assessments of AI supply chain components.
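Model provenance verification, listed in the Article 21 table above and implied by the supplier assessments described here, is the one supply chain control the deploying entity can enforce mechanically at every deployment. The following is an added example, not code from the original article or from any vendor: the supplier hashes each artifact into a manifest and authenticates the manifest, and the deploying entity refuses to load anything that is missing, altered or unlisted. The manifest uses an HMAC with a key exchanged out-of-band as a stand-in for the supplier signature a real scheme would use; the file names, contents and key are constructed for the demonstration.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large weight files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(artifact_dir: Path, key: bytes) -> dict:
    """Supplier side: hash every artifact and authenticate the file list."""
    files = {p.name: sha256_file(p) for p in sorted(artifact_dir.iterdir()) if p.is_file()}
    body = json.dumps(files, sort_keys=True).encode()
    return {"files": files, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify_artifacts(artifact_dir: Path, manifest: dict, key: bytes) -> list[str]:
    """Deploying entity side: return findings; an empty list means provenance checks passed."""
    findings = []
    body = json.dumps(manifest["files"], sort_keys=True).encode()
    expected_mac = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_mac, manifest["mac"]):
        findings.append("manifest authentication failed")
        return findings  # the file list itself cannot be trusted, stop here
    present = {p.name for p in artifact_dir.iterdir() if p.is_file()}
    for name, digest in manifest["files"].items():
        if name not in present:
            findings.append(f"missing artifact: {name}")
        elif sha256_file(artifact_dir / name) != digest:
            findings.append(f"hash mismatch: {name}")
    for name in sorted(present - manifest["files"].keys()):
        findings.append(f"unlisted artifact: {name}")
    return findings


def demo() -> tuple[list[str], list[str]]:
    """Verify a clean delivery, then the same delivery after tampering."""
    key = b"constructed-demo-key"  # constructed; a real deployment would verify a signature
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "model.bin").write_bytes(b"\x00constructed-weights\x01")
        (d / "config.json").write_text('{"layers": 4}')
        manifest = build_manifest(d, key)
        clean = verify_artifacts(d, manifest, key)
        # Simulate a modified weight file and an extra file that was never listed.
        (d / "model.bin").write_bytes(b"\x00modified-weights\x01")
        (d / "extra.py").write_text("print('unlisted')\n")
        tampered = verify_artifacts(d, manifest, key)
    return clean, tampered


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean delivery:", clean or "ok")
    print("tampered delivery:", tampered)
```

Treating an unlisted file as a finding matters for model packages, since loaders for several formats will execute code shipped alongside the weights; the manifest therefore has to be a complete inventory, not only a list of hashes for the files the supplier chose to mention.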
Interaction with EU AI Act Article 15
Article 15 of the EU AI Act requires high-risk AI systems to achieve an appropriate level of cybersecurity, including resilience against unauthorised access, data poisoning, adversarial examples, and model manipulation. NIS2 complements this by providing the organisational and procedural framework within which AI cybersecurity is managed.
Where both instruments apply, organisations should develop unified security controls that satisfy both requirements simultaneously. A cybersecurity risk assessment that addresses NIS2 Article 21 requirements while also covering EU AI Act Article 15 threats reduces duplication and ensures coherent security governance.
Management Accountability
NIS2 Article 20 holds management bodies personally responsible for approving and overseeing cybersecurity risk management measures. Management members must undergo cybersecurity training. For AI-intensive organisations, this means board members and senior executives must understand AI-specific security risks, not just traditional IT security. Failure to meet governance obligations can result in temporary management bans under Article 32(5)(b).
Practical Steps
- Determine whether your organisation is an essential or important entity under NIS2
- Map AI systems against NIS2 scope and identify overlaps with EU AI Act high-risk classifications
- Develop AI-specific incident detection criteria and integrate them into NIS2 reporting workflows
- Assess AI supply chain security against Article 21(2)(d) requirements
- Train management bodies on AI-specific cybersecurity risks
- Implement coordinated security controls satisfying both NIS2 and EU AI Act Article 15
This article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.